RSA® Authentication Manager 8.

2
Troubleshooting Guide
Contact Information
RSA Link at https://community.rsa.com contains a knowledgebase that answers common questions and provides solutions
to known problems, product documentation, community discussions, and case management.
Trademarks
RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or
other countries. All other trademarks used herein are the property of their respective owners. For a list of RSA trademarks, go
to www.emc.com/legal/emc-corporation-trademarks.htm#rsa.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and
may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice
below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any
other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Third-Party Licenses
This product may include software developed by parties other than RSA. The text of the license agreements applicable to
third-party software in this product may be viewed on the product documentation page on RSA Link. By using this product, a
user of this product agrees to be fully bound by terms of the license agreements.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 1994-2016 EMC Corporation. All Rights Reserved. Published in the U.S.A.
June 2016
RSA Authentication Manager 8.2 Troubleshooting Guide

Contents
Preface................................................................................................................................... 5
About This Guide................................................................................................................ 5
RSA Authentication Manager 8.2 Documentation.............................................................. 5
Support and Service ............................................................................................................ 7
Before You Call Customer Support............................................................................. 7
............................................................................................................................................. 7

Chapter 1: Troubleshooting Common Error Messages ......................... 9

13003 - AUTHN_LOCKOUT_EVENT ............................................................................. 9
Resolve 13003 - AUTHN_LOCKOUT_EVENT ........................................................ 9
16044 - ACCESS_DATABASE ......................................................................................... 9
16075 - INITIALIZE_PERMISSIONS ............................................................................ 10
16089 - DENIAL_OF_SERVICE..................................................................................... 10
Resolve 16089 - DENIAL_OF_SERVICE................................................................ 10
16112 - REMOVE_ORPHANED_PRINCIPALS............................................................ 10
16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT ......................11
Resolve 16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT.11
16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAILURE .......11
Resolve 16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAI
LURE .......................................................................................................................11
16265 - DETERMINE_RELATED_IDENTITY_SOURCE.............................................11
Resolve 16265 - DETERMINE_RELATED_IDENTITY_SOURCE ...................... 12
16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED ................................... 12
Resolve 16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED.............. 12
16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED............................................. 13
Resolve 16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED........................ 13
16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED....................... 13
Resolve 16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED.. 13
16329 - READ_ACTIVE_USERS ................................................................................... 14
20056 - INSUFFICIENT_PRIVILEGE............................................................................ 14
Resolve 20056 - INSUFFICIENT_PRIVILEGE....................................................... 14
20063 - AUTHMGR_AGENT_CLEAR_NODESECRET .............................................. 14
20214 - AM_CONFIGURATION_UPDATE_FAILED .................................................. 14
Resolve 20214 - AM_CONFIGURATION_UPDATE_FAILED ............................. 15
20239 - EXPORT_DATA_TO_FILE ............................................................................... 15
20240 - GENERATE_EXPORT_SECURITY_PACKAGE ............................................ 15
23002 - AUTH_UNSUPPORTED_PROTOCOL ............................................................ 16
Resolve 23002 - AUTH_UNSUPPORTED_PROTOCOL ....................................... 16
23005 - AUTH_NODE_VERIFICATION ....................................................................... 16
23008 - AUTH_PRINCIPAL_RESOLUTION ................................................................ 17
Resolve 23008 - AUTH_PRINCIPAL_RESOLUTION ........................................... 17
23017 - OA_DATA_DOWNLOAD_FAILED................................................................. 17

3
 RSA Authentication Manager 8.2 Troubleshooting Guide

Resolve 23017 - OA_DATA_DOWNLOAD_FAILED............................................ 17

23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED ......................................... 18
Resolve 23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED .................... 18
23026 - AUTOREG_VERIFY_NODESECRET.............................................................. 18
23036 - AUTOREG_VERIFY_NODESECRET.............................................................. 18
23038 - AUTOREG_DHCP_ERROR .............................................................................. 19
Resolve 23038 - AUTOREG_DHCP_ERROR ......................................................... 19
23039 - AUTOREG_CLEAR_NODESECRET ............................................................... 20
23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN ....................................... 20
Resolve 23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN .................. 20
23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE ....................................... 20
Resolve 23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE .................. 20
23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE ............................... 21
Resolve 23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE .......... 21
23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID ............................................ 22
Resolve 23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID ....................... 22
23089 - TR_R_VIA_PRINCIPAL_NOT_DISCOVERED .............................................. 22
Resolve 23089 - TR_R_VIA_PRINCIPAL_NOT_DISCOVERED ......................... 22
23090 - TR_R_VIA_OTP_VERIFICATION_FAIL ........................................................ 22
Resolve 23090 - TR_R_VIA_OTP_VERIFICATION_FAIL ................................... 23
23091 - TR_R_VIA_OTP_NODE_SECRET_UNAVAILABLE .................................... 23
Resolve 23091 - TR_R_VIA_OTP_NODE_SECRET_UNAVAILABLE ............... 23
26011 - PROCESS_REFERENTIAL_INTEGRITY_MESSAGES................................. 23
26041 - ADJUDICATOR_CLOCK_SETBACK.............................................................. 24
Resolve 26041 - ADJUDICATOR_CLOCK_SETBACK ........................................ 24

Chapter 2: RSA Authentication Manager Log Messages .................... 25

4
 RSA Authentication Manager 8.2 Troubleshooting Guide

Preface

About This Guide

This guide describes how to troubleshoot RSA® Authentication Manager 8.2 for
commonly occurring error messages. These error messages are displayed in the
SNMP traps or in the logs. Refer to this guide for basic troubleshooting steps before
calling Customer Support. This guide also lists all the Authentication Manager 8.2
trap messages.
This guide is intended for administrators and other trusted personnel.

RSA Authentication Manager 8.2 Documentation

RSA Authentication Manager 8.2 includes the following documentation.

Title Purpose

Configuration

Planning Guide Describes the high-level architecture of Authentication

Manager and how it integrates with your network.

Hardware Appliance Getting Started Describes how to deploy a hardware appliance and perform
the Authentication Manager Quick Setup process.

Virtual Appliance Getting Started Describes how to deploy a virtual appliance and perform the
Authentication Manager Quick Setup process.

Setup and Configuration Guide Describes how to set up and configure Authentication
Manager, and how to upgrade from version 8.1 Service Pack
1 to version 8.2.

Security Configuration Guide Describes the security configuration settings available in

RSA Authentication Manager. It also describes secure
deployment and usage settings, secure maintenance, and
physical security controls.

Administration

Administrator's Guide Provides an overview of Authentication Manager and its

features. Describes how to configure the system and perform
a wide range of administration tasks, including managing
users and security policies.

Preface 5
 RSA Authentication Manager 8.2 Troubleshooting Guide

Title Purpose

Developer’s Guide Provides information about developing custom programs

using the RSA Authentication Manager application
programming interfaces (APIs). Includes an overview of the
Authentication Manager APIs and the related Javadoc.

Note: The software development kit (SDK) is located in the

RSA Authentication Manager SDK directory of the RSA
Authentication Manager 8.2 Extras ZIP file. The Extras
ZIP file is located on Download Central at
https://download.rsasecurity.com.

Help Desk Administrator’s Guide Provides instructions for the most common tasks that a Help
Desk Administrator performs.

RSA RADIUS Reference Guide Describes the usage and settings for the initialization files,
dictionary files, and configuration files used by RSA
RADIUS.

SNMP Reference Guide Describes how to configure Simple Network Management

Protocol (SNMP) to monitor an instance of Authentication
Manager on a hardware appliance or a virtual appliance.

Troubleshooting Guide Describes the most common error messages in RSA

Authentication Manager and provides the appropriate
actions to troubleshoot each event.

AMBA Custom Application Guide Describes how the RSA Authentication Manager Bulk
Administration (AMBA) command-line utility simplifies the
bulk administration of users, tokens, agents, and so on.
Requires a standalone AMBA license or an Enterprise
license.

Online Help

Security Console Help Describes day-to-day administration tasks performed in the

Security Console.

Operations Console Help Describes configuration and setup tasks performed in the
Operations Console.

Self-Service Console Help Describes how to use the Self-Service Console. To view the
Help, on the Help tab in the Self-Service Console, click
Self-Service Console Help.

6 Preface
 RSA Authentication Manager 8.2 Troubleshooting Guide

Title Purpose

RSA Token Management Snap-In for the Describes how to use software that works with the Microsoft
Microsoft Management Console Help Management Console (MMC) for deployments that have an
Active Directory identity source. Using this snap-in, you can
enable or disable a token, assign a token, or perform other
token-related tasks without logging on to the Security
Console.

Support and Service

You can access community and support information on RSA Link at
https://community.rsa.com. RSA Link contains a knowledgebase that answers
common questions and provides solutions to known problems, product
documentation, community discussions, and case management.
The RSA Ready Partner Program website at www.rsaready.com provides
information about third-party hardware and software products that have been certified
to work with RSA products. The website includes Implementation Guides with
step-by-step instructions and other information on how RSA products work with
third-party products.

Before You Call Customer Support

Please have the following information available when you call:
 Access to the RSA Authentication Manager appliance.
 Your license serial number. To locate the license serial number, do one of the
following:
• Look at the order confirmation e-mail that you received when your ordered
the product. This e-mail contains the license serial number.
• Log on to the Security Console, and click License Status. Click View
Installed License.
 The Authentication Manager appliance software version information. You can
find this information in the top, right corner of the Quick Setup, or in the
Security Console. Log on to the Security Console, and click Software Version
Information.

Preface 7
 RSA Authentication Manager 8.2 Troubleshooting Guide

1 Troubleshooting Common Error Messages

This chapter lists messages that occur for common problems, along with their possible
causes and corresponding resolutions. These messages are for administrative, system,
and authentication events. Each error message includes:
• Action ID. A unique number
• Action Key. A unique title
• Message. Text that describes the issue.
• Description. Additional information about the message.

13003 - AUTHN_LOCKOUT_EVENT
Message: Users “{0}” from security domain “{1}” in identity source “{2}” is locked
out
Description: Principal lockout
Problem: Authentication Manager has locked a user out of the system.

Resolve 13003 - AUTHN_LOCKOUT_EVENT

Procedure
1. In the Security Console, use the Quick Search field to find the user.
2. In the User Dashboard, view the user’s lockout status.
3. Unlock the user’s account.
See the Security Console Help topic “Locked User Accounts” for more information.

16044 - ACCESS_DATABASE
Message: Database access attempted by system
Description: Database access
Problem: An unexpected error occurred when a database access was attempted using
utilities that are different from those used by the Operations Console or Security
Console.
Resolution: Verify if the database is operating correctly and if sufficient storage space
is available.

1: Troubleshooting Common Error Messages 9

 RSA Authentication Manager 8.2 Troubleshooting Guide

16075 - INITIALIZE_PERMISSIONS
Message: System attempted to load permission types from the database
Description: Initialize permissions
Problem: An unexpected error has occurred when loading administrative role
permissions from the database.
Resolution: Verify if the database is operating correctly and if sufficient storage space
is available.

16089 - DENIAL_OF_SERVICE
Message: Denial-of-service attack detected. Server received “{4}” failed
authentications from user “{3}”
Description: Denial-of-service attack detected
Problem: Authentication Manager has detected a series of unsuccessful
authentication attempts from a remote administrative SDK application, suggesting
that an unauthorized individual is attempting to authenticate. The SDK application
might not have the correct WebLogic command client username and password, which
would cause authentication attempts to fail.

Resolve 16089 - DENIAL_OF_SERVICE

Verify that any remote administrative SDK applications have the correct WebLogic
command client username and password.

16112 - REMOVE_ORPHANED_PRINCIPALS
Message: Administrator “{0}” attempted to clean up unresolvable users
Description: Clean up unresolvable users
Problem: Authentication Manager cannot connect to the LDAP directory server.
Resolution: Confirm that the LDAP directory server(s) identified in the identity
source connection information are running and can be connected from the server.

10 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT
Message: Cleanup of unresolvable users was not possible. Found {3} users ; which
exceeded the automated cleanup limit of {4} users.
Description: Clean up unresolvable users and groups
Problem: The Cleanup Limit canceled an automated cleanup job because more than
the specified number of unresolvable users were found in the database.

Resolve 16262 - BATCH_CLEANUP_ORPHANED_PRINCIPALS_LIMIT_HIT

Verify if any recent changes have been applied to the identity source, such as using a
filter. Such a change may result in a large difference in the number of users located in
the identity source. See “User Data in an LDAP Directory” in the Administrator’s
Guide, for more information on how changes made to user data in an LDAP directory
can affect user authentication and administration.

16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAI
LURE
Message: User cannot be found across identity sources. User “{3}” will not be
allowed to authenticate for the next 60 minutes..
Description: System cannot process this authentication request
Problem: The user who attempted to authenticate cannot be found in any identity
source.

Resolve 16264 - MARK_FIND_PRINCIPAL_ACROSS_IDENTITYSOURCE_FAILU

RE
Verify if you have made any recent change to the identity source, such as using a filter.
Such a change may result in a large difference in the number of users located in the
identity source.

16265 - DETERMINE_RELATED_IDENTITY_SOURCE
Message: System cannot determine whether identity source “{3}” and identity source
“{4}” are connecting to the same directory server.
Description: Attempting to determine whether the given identity sources connect to
the same directory server.
Problem: A connectivity problem exists between the identity source and the LDAP
directory server. This problem can occur for any of the following reasons:
• Incorrectly configured firewall
• Invalid or expired LDAP credentials
• Certificate expiration

1: Troubleshooting Common Error Messages 11

 RSA Authentication Manager 8.2 Troubleshooting Guide

• Incorrectly configured or altered LDAP filters

• Network issues

Resolve 16265 - DETERMINE_RELATED_IDENTITY_SOURCE

Verify the LDAP connection. For LDAP-related information, see the Operations
Console Help topics, “Add an Identity Source” and “Identity Source SSL
Certificates.” To troubleshoot network issues, see the Operations Console Help topic,
“Verify an IP Address or Hostname.”

16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED
Message: Cannot process requests that need access to identity source “{3}”. The
identity source is currently unreachable.
Description: Failed to connect to identity source.
Problem: Authentication Manager cannot connect to the identity source. This
problem can occur for any of the following reasons:
• Incorrectly configured firewall
• Invalid or expired LDAP credentials
• Certificate expiration
• Incorrectly configured or altered LDAP filters
• Network issues

Resolve 16294 - IDENTITY_SOURCE_GET_CONNECTION_FAILED

Verify the LDAP connection. For LDAP-related information, see the Operations
Console Help topics, “Add an Identity Source” and “Identity Source SSL
Certificates.” To troubleshoot network issues, see the Operations Console Help topic,
“Verify an IP Address or Hostname.”

12 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED
Message: The user’s distinguished name has changed. Either the primary could not
update the user or the primary cannot be contacted. Authentication requests from
“{3}” to this instance will not be successful until primary updates the user.
Description: System cannot process this authentication request
Problem: A connectivity problem exists between the primary and replica instances.

Resolve 16296 - TRACK_USER_MOVE_IN_REPLICA_FAILED

Procedure
1. Check the replication status between the primary and replica instance. For
information, see the Operations Console Help topic, “Check Replication Status.”
2. Verify if you can reach the primary or replica instance by running network tools
and confirming if the replication port 7002/TCP is open. To run network tools, see
the Operations Console Help topic, “Verify an IP Address or Hostname.”
3. Determine if disaster recovery procedures are appropriate. For information, see
the Operations Console Help topic, “Disaster Recovery Situations.”

16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED
Message: System cannot initialize related identity sources for identity source “{3}”
Description: System cannot initialize related identity source cache.
Problem: Authentication Manager cannot connect to the identity source. This error
can occur under the following circumstances:
• The firewall is configured incorrectly.
• LDAP credentials are invalid or expired.
• A certificate has expired.
• LDAP filters are configured incorrectly or altered.
• Network issues exist.

Resolve 16297 - BUILD_RELATED_IDENTITY_SOURCE_CACHE_FAILED

Verify the LDAP connection. For LDAP-related information, see the Operations
Console Help topics, “Add an Identity Source” and “Identity Source SSL
Certificates.” To troubleshoot network issues, see the Operations Console Help topic,
“Verify an IP Address or Hostname.”

1: Troubleshooting Common Error Messages 13

 RSA Authentication Manager 8.2 Troubleshooting Guide

16329 - READ_ACTIVE_USERS
Message: System failed to read the licensed number of active users from the system
configuration
Description: Unable to read active users from the system configuration
Problem: Authentication Manager licensing is incorrect.
Resolution: Confirm that Authentication Manager has a valid license file. In the
Security Console Help, see the topic “Check License Status.”

20056 - INSUFFICIENT_PRIVILEGE
Message: Administrator “{0}” attempted an action having insufficient privileges.
Description: Insufficient Privilege
Problem: The administrator has insufficient privileges to perform the attempted
action.

Resolve 20056 - INSUFFICIENT_PRIVILEGE

Procedure
1. Verify that the administrator is assigned the correct security domain scope and
permissions. For instructions, see the Security Console Help topic “View All
Administrative Roles Assigned to an Administrator.”
2. If the administrator needs more permissions, either edit the administrative role and
add the appropriate permissions or assign a different role. See the Security
Console Help Topic, “Administrative Role Overview” for more information.

20063 - AUTHMGR_AGENT_CLEAR_NODESECRET
Message: Administrator “{0}” attempted to clear node secret for agent “{4}”
managed in security domain “{5}”
Description: Clear Agent Node Secret
Problem: The node secret has been cleared. No troubleshooting is required.

20214 - AM_CONFIGURATION_UPDATE_FAILED
Message: Administrator “{0}” failed to update AM configuration
Description: Failed to update AM configuration

14 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Problem: An attempt to modify Authentication Manager configuration data has

failed. Either the administrator performing the update does not have permission or the
configuration value has been removed or deprecated.This error can also occur when
an application using UpdateAMConfigurationCommand to update configuration data
lacks sufficient permission.

Resolve 20214 - AM_CONFIGURATION_UPDATE_FAILED

Verify that the administrator has permission to modify the configuration data.
Procedure
1. In the Security Console, go to the Home page.
2. Use Quick Search to find and select the administrator.
3. From the context menu next to the administrator’s username, select
Administrative Roles.
4. Verify that the assigned administrative roles provide sufficient privileges to
modify the configuration data.
5. (Optional) To assign additional administrative roles to this administrator, do the
following:
a. Click Assign Role.
b. Select the role you want to assign to the administrator.
c. Click Assign Role.

20239 - EXPORT_DATA_TO_FILE
Message: Administrator “{0}” attempted to export data to the file “{11}”.
Description: Export Data to file
Problem: The administrator attempted to export user and token data to a file. No
troubleshooting is required.

20240 - GENERATE_EXPORT_SECURITY_PACKAGE
Message: Administrator “{0}” attempted to generate and download export security
package.
Description: Generate Export Security Package
Problem: The administrator attempted to generate and download the export security
package. No troubleshooting is required.

1: Troubleshooting Common Error Messages 15

 RSA Authentication Manager 8.2 Troubleshooting Guide

23002 - AUTH_UNSUPPORTED_PROTOCOL
Message: Received unsupported request from agent “{3}” with IP address “{4}” in
security domain “{5}”. Request type: “{18}”
Description: Received unsupported request.
Problem: The device is unsupported because there is no server interface to handle this
type of network packet.

Resolve 23002 - AUTH_UNSUPPORTED_PROTOCOL

Procedure
1. Verify that the agent host uses a legacy authentication method from agents older
than version 5.x. Authentication Manager 8.2 only accepts agents from releases
5.x and higher.
2. Contact the manufacturer of the user’s authentication device to find out if the
device is eligible to upgrade to a 5.x or higher API.
3. If the device is enabled for RADIUS, verify that the current version is compatible
with the new RADIUS Access-Challenge, including New PIN Mode and Next
Tokencode Mode.

23005 - AUTH_NODE_VERIFICATION
Message: Verifying node secret for the agent “{3}” with IP address “{4}” in security
domain “{5}”
Description: Node secret verification
Problem: There is a problem with the node secret.
Resolution: Clear the node secret in both the Authentication Manager server and
agent. See the Security Console Help topic “Manage the Node Secret.”

16 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

23008 - AUTH_PRINCIPAL_RESOLUTION
Message: Attempting to resolve user by userid or alias “{0}”. Request originated
from agent “{3}” with IP address “{4}” in security domain “{5}”
Description: Resolve principal by userid/alias
Problem: Authentication Manager cannot identify the user through the User ID or
alias. It is possible that multiple users have the same alias. When an administrator
associates an agent and a group, all of the user’s aliases associated with the group are
now searched.
This error can occur under the following circumstances:
• An agent is associated with many groups and two people in different groups have
the same alias.
• An administrator recently associated an agent with a group.

Resolve 23008 - AUTH_PRINCIPAL_RESOLUTION

Procedure
1. In the Security Console, go to the Home page.
2. Use Quick Search to find the user.
3. Click Authentication Settings and view the user alias.
4. Change the user’s alias to be unique.

23017 - OA_DATA_DOWNLOAD_FAILED
Message: Offline authentication data download requested by user “{0}” from agent
“{3}” using token “{8}” failed with error message “{9}”
Description: Offline Authentication Data Download Failed
Problem: A user’s attempt to download offline authentication data failed. This
message can occur when the offline authentication policy settings for the user do not
match the settings for the agent. This can also occur if port 5580/tcp is inaccessible.

Resolve 23017 - OA_DATA_DOWNLOAD_FAILED

Procedure
1. Verify if port 5580/tcp is accessible. For instructions, see the Operations Console
Help topic, “Verify an IP Address or Hostname.”
2. Identify the security domains to which the user and agent belong.
3. If the security domains are different, verify that the offline authentication policies
applied to each security domain do not conflict.
4. Modify the offline authentication policies to resolve any conflicts. See
“Configuring Authentication Policies” in the Administrator’s Guide for more
information.

1: Troubleshooting Common Error Messages 17

 RSA Authentication Manager 8.2 Troubleshooting Guide

23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED
Message: Next tokencode mode activated for token serial number “{16}” assigned to
user “{0}” in security domains “{1}” from “{2}” identity source.
Description: Next tokencode mode activated for token
Problem: A user has failed to authenticate with a specific token more times than the
token policy allows. In next tokencode mode, the user has one chance to enter the
tokencode correctly before authentication fails.

Resolve 23021 - AUTHMGR_NEXT_TOKENCODE_ACTIVATED

This message occurs when a token has failed to authenticate a specific number of
times. You can configure the number of authentication failures allowed before next
tokencode mode is activated in the Security Console. See “Token Policy” in the
Administrator’s Guide for more information.
If this error occurs multiple times, check the accuracy of the Authentication Manager
system clock. Clock drift may have occurred between the Authentication Manager
Server and the token clock. See “Accurate System Date and Time Settings” in the
Setup and Configuration Guide for more information.

Note: Incorrectly or unnecessarily changing the system time may cause a total
authentication outage. If you are not confident of the cause of the problem, contact
RSA Customer Support. Do not attempt to correct clock drift if it is more than plus or
minus one minute.

23026 - AUTOREG_VERIFY_NODESECRET
Message: Verifying node secret for the agent “{3}” with IP address “{4}” in Security
Domain “{5}”
Description: Agent node secret verification
Problem: This message indicates that there is a problem with the node secret.
Resolution: Clear the node secret in both the Authentication Manager server and
agent. See the Security Console Help topic “Manage the Node Secret.”

23036 - AUTOREG_VERIFY_NODESECRET
Message: Verifying node secret for the agent “{3}” with IP address “{4}” in Security
Domain “{5}”
Description: Agent node secret verification
Problem: There is a problem with the node secret.
Resolution: Clear the node secret in both the Authentication Manager server and
agent. See the Security Console Help topic “Manage the Node Secret.”

18 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

23038 - AUTOREG_DHCP_ERROR
Message: While registering an agent “{3}” ; found another agent “{8}” with the same
alias IP address “{4}”. Could not un-assign IP from “{8}”
Description: While registering an agent found another agent with the same alias IP
address.
Problem: During agent registration, another agent was found to have the same alias IP
address.

Resolve 23038 - AUTOREG_DHCP_ERROR

This message is related to auto-registration and DHCP.
Procedure
1. Enable auto-registration. For instructions, see the Security Help topic, “Allow an
Agent to Auto-Register.”
2. Download the server certificate. For instructions, see the Security Console Help
topic, “Download an RSA Authentication Manager Server Certificate.”
3. When setting Agent Auto-Registration settings, change the default Agent IP
Update option to not automatically update the IP addresses of authentication
agents. For more information, see the Security Console Help topic “Configure
Agent Settings.”
4. Check your firewall rules and ensure that the following ports are open to enable
communication between the agent and Authentication Manager instance.

Port Function

5500/UDP Used for communication between

Authentication Manager and authentication
agents.

5580/TCP Authentication agents connect to this port to

perform offline data downloads.

5550/TCP Used by the authentication agent

auto-registration utility. This port must be open.

139/TCP Used by authentication agents to verify whether

the user is a member of a challenge group in
Microsoft Active Directory.

5. Clear the node secret files on the agent. For instructions, see the authentication
agent documentation.
6. Re-install the authentication agent. Choose custom installation, and select
auto-registration during the install process. See your agent documentation for
instructions.

1: Troubleshooting Common Error Messages 19

 RSA Authentication Manager 8.2 Troubleshooting Guide

23039 - AUTOREG_CLEAR_NODESECRET
Message: Cleared node secret for the agent “{3}” in Security Domain “{5}”
Description: Agent node secret has been cleared
Problem: The administrator has manually cleared, generated, and reloaded the node
secret. No troubleshooting is required.

23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN
Message: Bad tokencode ; but good PIN detected for token serial number “{16}”
assigned to user “{0}” in security domain “{1}” from “{2}” identity source
Description: Authentication attempted.
Problem: The user could not successfully authenticate. It is possible that the user has
forgotten the PIN, or is using the wrong token.

Resolve 23071 - AUTH_FAILED_BAD_TOKENCODE_GOOD_PIN

Procedure
1. Verify that the user is using the correct token as assigned. Ask the user for the
serial number on the back of the token, and verify it against the token serial
number that you see in the Security Console. If the token serial numbers do not
match, ask the user to use the assigned token only.
2. Resynchronize the token assigned to the user. See the Security Console Help topic
“Resynchronize a Token.”
3. Open the Activity Monitor. Ask the user to authenticate using the PIN after
resynchronization, and monitor the log entry in real time. See the Security
Console Help topic, “View Messages in the Activity Monitor.”

23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE
Message: Bad PIN ; but good tokencode detected for token serial number “{16}”
assigned to user “{0}” in security domain “{1}” from “{2}” identity source
Description: Authentication attempted
Problem: The user who is assigned the token may no longer possess it because the
passcodes are being guessed.

Resolve 23072 - AUTH_FAILED_BAD_PIN_GOOD_TOKENCODE

Confirm if the user possesses the assigned token.
Procedure
1. In the Security Console, go to the Home page.
2. Use Quick Search to find the user.

20 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

3. Select the user to whose token you need to verify.

4. Under Assigned SecurID Tokens, view the token serial number.
5. Ask the user for the serial number on the back of the token, and verify if it
matches the serial number on the Security Console.

23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE
Message: Bad PIN ; but previous tokencode detected for token serial number “{16}”
assigned to user “{0}” in security domain “{1}” from “{2}” identity source
Description: Authentication attempted
Problem: This error occurred due to any of the following circumstances:
• The user forgot his or her PIN or is using a PIN that is correct for a different token.
• Replication has failed, and the user’s PIN is not updated in the replica instance.
• An unauthorized person possesses the token and is guessing PINs.

Resolve 23073 - AUTH_FAILED_BAD_PIN_PREVIOUS_TOKENCODE

Procedure
1. Check the replication status. See the Operations Console Help topic, “Check
Replication Status.”
2. If the replication status does not display an error, confirm that the serial number
on the back of the token matches the token assigned to the user in the User
Dashboard. If the serial numbers match, clear the PIN.
a. In the Security Console, go to the Home page.
b. Use Quick Search to find the user.
c. Select the user to whose token you need to verify.
d. Under Assigned SecurID Tokens, view the token serial number.
e. If the serial number matches, you need to clear the PIN.
f. Under Assigned SecurID Tokens, select the token with the PIN that needs to
be cleared.
g. Click Clear PIN.
3. Require the user to change the PIN. For instructions, see the Security Console
Help topic “Require Users to Change Their RSA SecurID PINs.”
4. Open the Authentication Activity Monitor and instruct the user to authenticate.
You can see whether the user has authenticated.

1: Troubleshooting Common Error Messages 21

 RSA Authentication Manager 8.2 Troubleshooting Guide

23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID
Message: Received a SecurID credential ; which the agent is configured to not
accept. Agent “{3}” with IP address “{4}” in security domain “{5}”
Description: SecurID credential type not accepted
Problem: An agent attempted to submit a SecurID passcode. The agent is configured
to handle users who are enrolled in risk-based authentication (RBA), but it is not
configured to authenticate a SecurID passcode.

Resolve 23080 - AUTH_AGENT_DOESNT_ACCEPT_SECURID

Ensure that the agent is configured correctly.
Procedure
1. In the Security Console, click Setup > System Settings.
2. Under Authentication Settings, click Agents.
3. Verify that the authentication settings are correct.
• If the agent is to be used for SecurID authentications, configure the agent to
be used for a normal passcode.
• If the agent is to be used for RBA, configure the agent to redirect to the RBA
server.

23089 - TR_R_VIA_PRINCIPAL_NOT_DISCOVERED
Message: The user “{0}” could not be discovered in the RSA Via Access trusted
realm
Description: Discover the user
Problem: The RSA Via Access user was not found. This message can indicate that
more than one RSA Via Access user has the same User ID in the RSA Via Access
trusted realm. The message might indicate a network or system-level issue, with an
unexpected return code, such as HTTP status code 404 “Page Not Found” or HTTP
status code 500 “Internal Server Error.”

Resolve 23089 - TR_R_VIA_PRINCIPAL_NOT_DISCOVERED

Contact your RSA Via Access administrator.

23090 - TR_R_VIA_OTP_VERIFICATION_FAIL
Message: RSA Via Tokencode verification failed for the user “{0}”
Description: Verify RSA Via Tokencode

22 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Problem: RSA Via Tokencode could not be verified in the RSA Via Access trusted
realm. The message might indicate a network or system-level issue, with an
unexpected return code, such as HTTP status code 404 “Page Not Found” or HTTP
status code 500 “Internal Server Error.”

Resolve 23090 - TR_R_VIA_OTP_VERIFICATION_FAIL

If the message is not caused by a network or system-level issue, the user should try to
authenticate again using an RSA Via Tokencode. If the user still cannot authenticate
with this method, contact your RSA Via Access administrator.

23091 - TR_R_VIA_OTP_NODE_SECRET_UNAVAILABLE
Message: Verifying the node secret for the agent “{3}” with IP address “{4}” in
security domain “{5}”
Description: Agent node secret verification
Problem: The node secret is not set for this agent. A new agent might not have a node
secret, or the node secret might have been cleared on both the agent and the RSA
Authentication Manager instance.

Resolve 23091 - TR_R_VIA_OTP_NODE_SECRET_UNAVAILABLE

Either configure the node secret for this agent manually or complete at least one
successful Authentication Manager user authentication. For information about
creating the node secret file, see the Security Console Help topic “Manage the Node
Secret.”

26011 - PROCESS_REFERENTIAL_INTEGRITY_MESSAGES
Message: Administrator “{0}” attempted to process referential integrity message
Description: Process Referential Integrity Message
Problem: An error occurred while promoting a replica instance to a primary instance.
Resolution: Confirm that the replica promotion has completed successfully. Do not
start the severs before this process is complete. In the Operations Console Help, see
the topic “Promote a Replica Instance.”

1: Troubleshooting Common Error Messages 23

 RSA Authentication Manager 8.2 Troubleshooting Guide

26041 - ADJUDICATOR_CLOCK_SETBACK
Message: Detected clock setback ; current:“{3}” expected:“{4}”
Description: Clock Setback Detected
Problem: If the time difference is less than plus or minus one minute, the
Authentication Manager system clock may not be synchronized with the Network
Time Protocol (NTP) Server. If the time difference is more than plus or minus one
minute, contact RSA Customer Support.

Resolve 26041 - ADJUDICATOR_CLOCK_SETBACK

Procedure
1. Verify that the NTP server is correct and stable.
2. Make sure the Authentication Manager server is synchronized with the NTP
server. For instructions on how to specify the date and time settings, see the
Operations Help topic, “Update System Date and Time Settings.”
Do not set the system clock of the Authentication Manager server back in time.
This is a potential security issue as it can cause expired tokencodes to be used.

24 1: Troubleshooting Common Error Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

2 RSA Authentication Manager Log Messages

This chapter lists all Authentication Manager log messages based on the event
category and action ID. It also lists the corresponding action key, description, and log
message. The log message has placeholders in the “{number}” format, which
represents actual data in the logs and Activity Monitor.
Use this chapter to understand simple network management protocol (SNMP) trap
information captured by a network management system. For more information on the
information displayed by the object identifier structure (OID) in the SNMP trap, see
the RSA Authentication Manager 8.2 SNMP Reference Guide.

Event Category Action ID Action Key Description Message

eventAdmin 10001 CREATE_REALM Create realm Administrator

“{0}” attempted to
create realm “{4}”

eventAdmin 10002 DELETE_REALM Delete realm Administrator

“{0}” attempted to
delete realm “{4}”

eventAdmin 10003 UPDATE_REALM Update realm Administrator

“{0}” attempted to
update realm
“{4}”

eventAdmin 10004 READ_REALM Read realm Administrator

“{0}” attempted to
read realm “{4}”

eventAdmin 10005 CREATE_SECURITY_DOMAIN Create security Administrator

domain “{0}” attempted to
create security
domain “{4}”. The
fully qualified
name of the
domain is “{11}”

2: RSA Authentication Manager Log Messages 25

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10006 DELETE_SECURITY_DOMAIN Delete security Administrator

domain “{0}” attempted to
delete security
domain “{4}”. The
fully qualified
name of the
domain is “{11}”

eventAdmin 10007 UPDATE_SECURITY_DOMAIN Update security Administrator

domain “{0}” attempted to
update security
domain “{4}”. The
fully qualified
name of the
domain is “{11}”

eventAdmin 10008 READ_SECURITY_DOMAIN Read security Administrator

domain “{0}” attempted to
read security
domain “{4}”. The
fully qualified
name of the
domain is “{11}”

eventAdmin 10009 CREATE_IDENTITY_SOURCE Register identity Administrator

source “{0}” attempted to
register identity
source “{6}”

eventAdmin 10010 DELETE_IDENTITY_SOURCE Delete Administrator

registration of “{0}” attempted to
identity source delete the
registration of
identity source
“{6}”

eventAdmin 10011 UPDATE_IDENTITY_SOURCE Update Administrator

registration of “{0}” attempted to
identity source update the
registration of
identity source
“{6}”

eventAdmin 10012 CLEANUP_IDENTITY Clean up identity Administrator

_SOURCE source “{0}” attempted to
clean up identity
sources

26 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10013 CREATE_ATTRIBUTE Create attribute Administrator

“{0}” attempted to
create attribute
“{4}” ; to be
managed in
security domain
“{5}”

eventAdmin 10014 READ_ATTRIBUTE Read attribute Administrator

“{0}” attempted to
read attribute
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10015 UPDATE_ATTRIBUTE Update attribute Administrator

“{0}” attempted to
update attribute
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10016 DELETE_ATTRIBUTE Delete attribute Administrator

“{0}” attempted to
delete attribute
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10017 CREATE_ATTRIBUTE Map attribute Administrator

_MAPPING “{0}” attempted to
map attribute
“{4}” ; managed
in security domain
“{5}” to “{8}”

eventAdmin 10018 READ_ATTRIBUTE_MAPPING Read attribute Administrator

mapping “{0}” attempted to
read attribute
mapping “{4}”’s ;
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 27

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10019 DELETE_ATTRIBUTE Delete attribute Administrator

_MAPPING mapping “{0}” attempted to
delete the mapping
of attribute “{4}” ;
managed in
security domain
“{5}” to “{8}”

eventAdmin 10020 CREATE_ADMIN_ROLE Create Administrator

administrative “{0}” attempted to
role create
administrative role
“{4}” ; to be
managed in
security domain
“{5}”

eventAdmin 10021 DELETE_ADMIN_ROLE Delete Administrator

administrative “{0}” attempted to
role delete
administrative role
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10022 READ_ADMIN_ROLE Read Administrator

administrative “{0}” attempted to
role read administrative
role “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10023 UPDATE_ADMIN_ROLE Update Administrator

administrative “{0}” attempted to
role update
administrative role
“{4}” ; managed
in security domain
“{5}”

28 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10024 LINK_PRINCIPAL_ADMIN Associate Administrator

_ROLE principal with “{0}” attempted to
administrative associate principal
role “{8}” ; stored in
identity source
“{10}” and
managed in
security domain
“{9}”

eventAdmin 10025 UNLINK_PRINCIPAL_ADMIN Disassociate Administrator

_ROLE principal from “{0}” attempted to
administrative disassociate
role principal “{8}” ;
stored in identity
source “{10}” and
managed in
security domain
“{9}”

eventAdmin 10026 CREATE_AUTH_POLICY Create Administrator

authentication “{0}” attempted to
policy create
authentication
policy “{4}” ; to
be managed in
security domain
“{5}”

eventAdmin 10027 DELETE_AUTH_POLICY Delete Administrator

authentication “{0}” attempted to
policy delete
authentication
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10028 UPDATE_AUTH_POLICY Update Administrator

authentication “{0}” attempted to
policy update
authentication
policy “{4}” ;
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 29

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10029 READ_AUTH_POLICY Read Administrator

authentication “{0}” attempted to
policy view
authentication
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10030 CREATE_PWD_POLICY Create password Administrator

policy “{0}” attempted to
create password
policy “{4}” ; to
be managed in
security domain
“{5}”

eventAdmin 10031 DELETE_PWD_POLICY Delete password Administrator

policy “{0}” attempted to
delete password
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10032 UPDATE_PWD_POLICY Update password Administrator

policy “{0}” attempted to
update password
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10033 READ_PWD_POLICY Read password Administrator

policy “{0}” attempted to
view password
policy “{4}” ;
managed in
security domain
“{5}”

30 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10034 CREATE_LOCKOUT_POLICY Create lockout Administrator

policy “{0}” attempted to
create lockout
policy “{4}” ; to
be managed in
security domain
“{5}”

eventAdmin 10035 DELETE_LOCKOUT_POLICY Delete lockout Administrator

policy “{0}” attempted to
delete lockout
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10036 UPDATE_LOCKOUT_POLICY Update lockout Administrator

policy “{0}” attempted to
update lockout
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10037 READ_LOCKOUT_POLICY Read lockout Administrator

policy “{0}” attempted to
view lockout
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10038 UNLINK_SECURITY_DOMAIN Unlink security Administrator

_POLICIES domain policies “{0}” attempted to
unlink polices
from security
domain “{4}”

eventAdmin 10039 CREATE_GROUP Create group Administrator

“{0}” attempted to
create group “{4}”
; to be stored in
identity source
“{6}” and
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 31

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10040 UPDATE_GROUP Update group Administrator

“{0}” attempted to
update group
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10041 REGISTER_GROUP Register group Administrator

“{0}” attempted to
register group
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10042 UNREGISTER_GROUP Unregister group Administrator

“{0}” attempted to
unregister group
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10043 READ_GROUP Read group Administrator

“{0}” attempted to
read group “{4}” ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10044 DELETE_GROUP Delete group Administrator

“{0}” attempted to
delete group “{4}”
; stored in identity
source “{6}” and
managed in
security domain
“{5}”

32 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10045 LINK_GROUP_GROUP Associate group Administrator

with group “{0}” attempted to
associate group
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10046 UNLINK_GROUP_GROUP Disassociate Administrator

group from group “{0}” attempted to
disassociate group
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10047 LINK_GROUP_PRINCIPAL Associate group Administrator

with principal “{0}” attempted to
associate group
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10048 UNLINK_GROUP_PRINCIPAL Disassociate Administrator

Group from “{0}” attempted to
Principal disassociate group
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10049 FIND_ORPHANED_GROUPS Find unresolvable Administrator

groups “{0}” attempted to
find unresolvable
groups in identity
source “{4}”

2: RSA Authentication Manager Log Messages 33

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10050 REMOVE_ORPHANED Remove Administrator

_GROUPS unresolvable “{0}” attempted to
groups clean up
unresolvable
groups in identity
source “{4}”

eventAdmin 10051 CREATE_PRINCIPAL Create principal Administrator

“{0}” attempted to
create principal
“{4}” ; to be
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10052 REGISTER_PRINCIPAL Register principal Administrator

“{0}” attempted to
register principal
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10053 UNREGISTER_PRINCIPAL Unregister Administrator

principal “{0}” attempted to
unregister
principal “{4}” ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10054 DELETE_PRINCIPAL Delete principal Administrator

“{0}” attempted to
delete principal
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

34 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10055 UPDATE_PRINCIPAL Update principal User “{0}”

attempted to
update principal
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10056 READ_PRINCIPAL Read principal Administrator

“{0}” attempted to
read principal
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10057 FIND_ORPHANED Find unresolvable Administrator

_PRINCIPALS users “{0}” attempted to
find unresolvable
users in identity
source “{4}”

eventAdmin 10059 CREATE_PRINCIPAL Assign console Administrator

_PREFERENCES preferences to “{0}” attempted to
principal assign preferences
to principal “{4}” ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10060 DELETE_PRINCIPAL Remove console Administrator

_PREFERENCES preferences for “{0}” attempted to
principal remove
preferences for
principal “{4}” ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 35

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10061 UPDATE_PRINCIPAL Update console Administrator

_PREFERENCES preferences for “{0}” attempted to
principal update preferences
for principal ;
“{4}” stored in
identity source
“{6}” and
managed in
security domain
“{5}”

eventAdmin 10062 READ_PRINCIPAL Read console Administrator

_PREFERENCES preferences for “{0}” attempted to
principal read preferences
for principal “{4}”
; stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10063 CREATE_REALM Assign console Administrator

_PREFERENCES preferences to “{0}” attempted to
realm assign preferences
for realm “{5}”

eventAdmin 10064 DELETE_REALM Remove console Administrator

_PREFERENCES preferences for “{0}” attempted to
realm remove
preferences for
realm “{5}”

eventAdmin 10065 UPDATE_REALM Update console Administrator

_PREFERENCES preferences for “{0}” attempted to
realm change preferences
for realm “{5}”

eventAdmin 10066 READ_REALM_PREFERENCES Read console Administrator

preferences for “{0}” attempted to
realm read preferences
for realm “{5}”

eventAdmin 10067 DEREFERENCE_REALM Dereference Administrator

realm “{0}” attempted to
dereference realm
“{4}”

36 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10068 CREATE_REPORT_QUERY Create report Administrator

query “{0}” attempted to
create report query
“{4}” ; to be
managed in
security domain
“{5}”

eventAdmin 10069 DELETE_REPORT_QUERY Delete report Administrator

query “{0}” attempted to
delete report query
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10070 UPDATE_REPORT_QUERY Update report Administrator

query “{0}” attempted to
update report
query “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10071 READ_REPORT_QUERY Read report query Administrator

“{0}” attempted to
read report query
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10072 SESSION_FORCED_LOGOFF Force session Administrator

logoff for “{0}” attempted a
principal forced session
logoff for principal
“{4}” ; stored in
identity source
“{6}” and
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 37

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10073 SESSION_FETCH Fetch session for Administrator

principal “{0}” attempted to
fetch the session of
principal “{4}” ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10074 SESSION_MODIFICATION Session attribute Administrator

modification “{0}” modified a
session attribute of
principal “{4}” ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10075 ASSOCIATE_PWD_POLICY_TO Associate Administrator

_SECURITY_DOMAIN password policy “{0}” attempted to
with security associate a
domain password policy
with a security
domain

eventAdmin 10076 ASSOCIATE_LOCKOUT Associate lockout Administrator

_POLICY_TO_SECURITY policy with “{0}” attempted to
_DOMAIN security domain associate a lockout
policy with a
security domain

eventAdmin 10077 ASSOCIATE_AUTHN_POLICY Associate Administrator

_TO_SECURITY_DOMAIN authentication “{0}” attempted to
policy with associate an
security domain authentication
policy with a
security domain

eventAdmin 10078 DIS_ASSOCIATE_PWD Disassociate Administrator

_POLICY_FROM_SECURITY password policy “{0}” attempted to
_DOMAIN from security disassociate a
domain password policy
from a security
domain

38 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10079 DIS_ASSOCIATE_LOCKOUT Disassociate Administrator

_POLICY_FROM_SECURITY lockout policy “{0}” attempted to
_DOMAIN from security disassociate a
domain lockout policy
from a security
domain

eventAdmin 10080 DIS_ASSOCIATE_AUTHN Disassociate Administrator

_POLICY_FROM_SECURITY authentication “{0}” attempted to
_DOMAIN policy from disassociate an
security domain authentication
policy from a
security domain

eventAdmin 10081 CREATE_SELFSERVICE Create Administrator

_POLICY self-service “{0}” attempted to
troubleshooting create self-service
policy troubleshooting
policy “{4}” ; to
be managed in
security domain
“{5}”

eventAdmin 10082 DELETE_SELFSERVICE Delete Administrator

_POLICY self-service “{0}” attempted to
troubleshooting delete self-service
policy troubleshooting
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10083 UPDATE_SELFSERVICE Update Administrator

_POLICY self-service “{0}” attempted to
troubleshooting update self-service
policy troubleshooting
policy “{4}” ;
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 39

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10084 READ_SELFSERVICE_POLICY Read self-service Administrator

troubleshooting “{0}” attempted to
policy view self-service
troubleshooting
policy “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10085 ASSOCIATE_SELFSERVICE Associate Administrator

_POLICY_TO_SECURITY self-service “{0}” attempted to
_DOMAIN troubleshooting associate a
policy with self-service
security domain troubleshooting
policy with a
security domain

eventAdmin 10086 DIS_ASSOCIATE Disassociate Administrator

_SELFSERVICE_POLICY self-service “{0}” attempted to
_FROM_SEC_DOM troubleshooting disassociate a
policy from self-service
security domain troubleshooting
policy from a
security domain

eventAdmin 10087 UPDATE_SECURITY Update security Administrator

_QUESTIONS_POLICY question policy “{0}” attempted to
update security
question policy
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10088 READ_SECURITY Read security Administrator

_QUESTIONS_POLICY question policy “{0}” attempted to
view security
question policy
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10089 READ_SECURITY Read security Administrator

_QUESTIONS_LIST questions list “{0}” attempted to
view security
questions list
?c{4}”

40 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10200 CREATE_TRUST Create trust realm Administrator

“{0}” attempted to
create trust realm
“{4}” ; to be
managed in
security domain
“{5}”

eventAdmin 10201 DELETE_TRUST Delete trust realm Administrator

“{0}” attempted to
delete trust realm
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10202 UPDATE_TRUST Update trust Administrator

realm “{0}” attempted to
update trust realm
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10203 READ_TRUST Read trust realm Administrator

“{0}” attempted to
read trust realm
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10204 MANAGE_ATTR_CATEGORY Manage attribute Administrator

category “{0}” attempted to
manage attribute
category“{4}” ;
managed in
security domain
“{5}”

eventAdmin 10205 IMPORT_PWD_DICTIONARY Import Password Administrator

Dictionary “{0}” attempted to
import password
dictionary “{4}”

eventAdmin 10206 EXPORT_PWD_DICTIONARY Export Password Administrator

Dictionary “{0}” attempted to
export password
dictionary “{4}”

2: RSA Authentication Manager Log Messages 41

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10207 DELETE_PWD_DICTIONARY Delete Password Administrator

Dictionary “{0}” attempted to
delete password
dictionary “{4}”

eventAdmin 10208 READ_PWD_DICTIONARY Read Password Administrator

Dictionary “{0}” attempted to
read password
dictionary “{4}”

eventAdmin 10209 DELETE_BATCH_JOB Delete batch job Administrator

“{0}” attempted to
delete “{11}”
batch job “{4}”

eventAdmin 10210 READ_BATCH_JOB Read batch job Administrator

“{0}” attempted to
read “{11}” batch
job “{4}”

eventAdmin 10211 READ_SCHEDULE_JOB Read scheduled Administrator

job “{0}” attempted to
read scheduled
“{11}” batch job
“{4}”

eventAdmin 10212 ADD_BATCH_JOB Add batch job Administrator

“{0}” attempted to
add “{11}” batch
job “{4}”

eventAdmin 10213 SCHEDULE_BATCH_JOB Schedule batch Administrator

job “{0}” attempted to
schedule “{11}”
batch job “{4}”

eventAdmin 10214 DELETE_SCHEDULE_JOB Delete scheduled Administrator

job “{0}” attempted to
delete scheduled
“{11}” job “{4}”

eventAdmin 10215 CANCEL_BATCH_JOB Cancel batch job Administrator

“{0}” attempted to
cancel “{11}”
batch job “{4}”

42 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10216 CANCEL_SCHEDULE_JOB Cancel scheduled Administrator

job “{0}” attempted to
cancel scheduled
“{11}” batch job
“{4}”

eventAdmin 10217 READ_REPORT_DATA Read report data Administrator

“{0}” attempted to
read result of
report “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10218 READ_REPORT_META_DATA Read report meta Administrator

data “{0}” attempted to
read meta data of
report “{4}” ;
managed in
security domain
“{5}”

eventAdmin 10219 CREATE_REPORT_CLASS Create report Administrator

generation class “{0}” attempted to
create a report
generation
instance of “{4}”

eventAdmin 10220 LOOKUP_PRINCIPALS Lookup Administrator

principals “{0}” attempted to
lookup principals
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10243 ASSIGN_SYSTEMFIELDS Assign system Super

_USER_ROLE user an Administrator
administrator role “{0}” attempted to
assign
administrative role
“{8}” to system
user “{4}”.

2: RSA Authentication Manager Log Messages 43

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10244 RESET_SYSTEMFIELDS_USER Reset system user Super

_PASSWORD password Administrator
“{0}” attempted to
reset system user
“{4}” password.

eventAdmin 10245 UNASSIGN_SYSTEMFIELDS Unassign system Super

_USER_ROLE user an Administrator
administrator role “{0}” attempted to
unassign
administrative role
“{8}” from system
user “{4}”.

eventAdmin 10246 LIST_SYSTEMFIELDS_USERS List system users Super

Administrator
“{0}” attempted to
list system users
with
administrative
roles such as
Operations
Console admin.

eventAdmin 10247 CREATE_SYSTEMFIELDS Create system Super

_ROLE administrator role Administrator
“{0}” attempted to
create new system
administrator role
“{4}”. System
administrator roles
have no attributes
other than a name.

eventAdmin 10248 DELETE_SYSTEMFIELDS Delete system Super

_ROLE administrator role Administrator
“{0}” attempted to
delete system
administrator role
“{4}”.

eventAdmin 10249 FIND_ORPHANED Find unresolvable Administrator

_PRINCIPALS_IS users “{0}” attempted to
_UNSPECIFIED find unresolvable
users

44 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10250 CLEANUP_UNRESOLVED Cleaning Administrator

_USERS_IS_UNSPECIFIED unresolvable “{0}” attempted to
users clean unresolvable
users

eventAdmin 10251 REMOVE_UNRESOLVED Cleaning Administrator

_PRINCIPAL unresolvable user “{0}” cleaned
unresolvable user
“{4}” from
identity source
“{6}”

eventAdmin 10252 CLEANUP_UNRESOLVED Started manual Administrator

_USERS_IS_UNSPECIFIED cleanup of “{0}” started
_START unresolvable cleaning
users unresolvable users

eventAdmin 10253 CLEANUP_UNRESOLVED Completed Administrator

_USERS_IS_UNSPECIFIED manual cleanup “{0}” has cleaned
_END of unresolvable unresolvable users
users

eventAdmin 10254 BATCH_JOB_CLEANUP Started scheduled System started

_UNRESOLVED_USERS cleanup of scheduled cleanup
_GROUPS_START unresolvable of unresolvable
users and groups users and groups

eventAdmin 10255 BATCH_JOB_CLEANUP Completed System has

_UNRESOLVED_USERS scheduled completed
_GROUPS_END cleanup of scheduled cleanup
unresolvable of unresolvable
users and groups users and groups

eventAdmin 10256 BATCH_JOB_CLEANUP Errors occured System has

_UNRESOLVED_USERS during scheduled completed
_GROUPS_ERRORS cleanup of scheduled cleanup
unresolvable of unresolvable
users and groups users and groups ;
but cleanup did not
complete normally.
Consult the system
log for more
details.

2: RSA Authentication Manager Log Messages 45

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10257 REMOVE_UNRESOLVED Cleaning Administrator

_GROUP unresolvable “{0}” cleaned
group unresolvable group
“{4}” from
identity source
“{6}”

eventAdmin 10258 MARK_UNRESOLVABLE Marking user as User “{4}” is

_USER unresolvable missing from
identity source
“{6}”. Marking
user as
unresolvable.

eventAdmin 10259 MOVE_PRINCIPAL_ACROSS User moved User “{4}” has

_IDENTITYSOURCE across identity been moved from
sources identity source
“{6}” to identity
source “{11}” as a
result of an update
made to the
directory server.

eventAdmin 10260 TEST_IDENTITY_SOURCE Cannot test the The administrator

_CONN_FAILED connection to the “{0}” attempting
directory server. to test the
connection does
not have
permission to
perform the test.

eventAdmin 10261 SEARCH_GROUP Search groups Administrator

“{0}” attempted to
search groups in
identity source
“{4}”

eventAdmin 10262 CREATE_RBA_POLICY Create RBA Administrator

policy “{0}” attempted to
create RBA policy
“{4}” ; to be
managed in
security domain
“{5}”

46 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10263 DELETE_RBA_POLICY Delete RBA Administrator

policy “{0}” attempted to
delete RBA policy
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10264 UPDATE_RBA_POLICY Update RBA Administrator

policy “{0}” attempted to
update RBA policy
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10265 READ_RBA_POLICY Read RBA policy Administrator

“{0}” attempted to
view RBA policy
“{4}” ; managed
in security domain
“{5}”

eventAdmin 10266 ASSOCIATE_RBA_POLICY_TO Associate RBA Administrator

_SECURITY_DOMAIN policy with “{0}” attempted to
security domain associate a RBA
policy with a
security domain

eventAdmin 10267 DIS_ASSOCIATE_RBA Disassociate Administrator

_POLICY_FROM_SEC_DOM RBA policy from “{0}” attempted to
security domain disassociate a
RBA policy from a
security domain

eventAdmin 10268 CLEAR_DEVICE_BINDINGS Clear device Administrator

bindings for “{0}” attempted to
principal clear device
bindings for
principal “{4}” ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 47

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10269 MANAGE_SECURITY Manage Security Administrator

_DOMAIN_MAPPINGS Domain “{0}” attempted to
Mappings for IS manage security
domain mappings
for Identity Source

eventAdmin 10270 ENABLE_PRINCIPALS_FOR Enable principals Administrator

_RBA for RBA “{0}” attempted to
enable multiple
principals for RBA

eventAdmin 10271 UPDATE_SECURITY Update Security Administrator

_QUESTIONS_LIST Questions “{0}” attempted to
update Security
Questions

eventAdmin 10272 ENABLE_PRINCIPAL_FOR Enable principal Administrator

_RBA for RBA “{0}” attempted to
enable principal
“{4}” for RBA ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10273 ADD_CERTIFICATE Add certificate Administrator

“{0}” attempted to
add certificate
“{4}”

eventAdmin 10274 DELETE_CERTIFICATE Delete certificate Administrator

“{0}” attempted to
delete certificate
“{11}”

eventAdmin 10275 READ_CERTIFICATE Read certificate Administrator

“{0}” attempted to
read certificate
“{4}”

eventAdmin 10276 UPDATE_CERTIFICATE Update certificate Administrator

“{0}” attempted to
update certificate
“{4}”

48 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10277 ADD_WEBTIER Add Webtier Administrator

_DEPLOYMENT Deployment “{0}” attempted to
add WebTier
Deployment “{4}”

eventAdmin 10278 UPDATE_WEBTIER Update Webtier Administrator

_DEPLOYMENT Deployment “{0}” attempted to
update WebTier
Deployment “{4}”

eventAdmin 10279 DELETE_WEBTIER Delete Webtier Administrator

_DEPLOYMENT Deployment “{0}” attempted to
delete WebTier
Deployment “{4}”

eventAdmin 10280 GENERATE_WEBTIER Generate Webtier Administrator

_PACKAGE Package “{0}” attempted to
generate WebTier
package for “{4}”

eventAdmin 10282 ADD_SERVER_NODE Add Server Node Administrator

“{0}” attempted to
add a server node
with hostname
“{4}” to the cluster

eventAdmin 10283 REMOVE_SERVER_NODE Remove Server Administrator

Node “{0}” attempted to
remove a server
node with
hostname “{4}”
from the cluster

eventAdmin 10284 REMOVE_SECURITY Remove Security User “{0}”

_QUESTION_ANSWERS Question attempted to
Answers remove Security
Question Answers

eventAdmin 10285 UPDATE_SECURITY Update Security User “{0}”

_QUESTION_ANSWERS Question attempted to
Answers update Security
Question Answers

2: RSA Authentication Manager Log Messages 49

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10286 DISABLE_PRINCIPAL_FOR Disable principal Administrator

_RBA for RBA “{0}” attempted to
disable principal
“{4}” for RBA ;
stored in identity
source “{6}” and
managed in
security domain
“{5}”

eventAdmin 10287 UPDATE_PRINCIPAL Update User ID System attempted

_LOGINUID to update the User
ID for principal
“{4}” to “{11}” as
a result of an
update made to the
directory server.
The principal is
stored in identity
source “{6}” and
managed in
security domain
“{5}”.

eventAdmin 10288 UPDATE_PRINCIPAL_EXUID Update unique System attempted

identifier to update the
unique identifier
for principal “{4}”
as a result of an
update made to the
directory server.
The principal is
stored in identity
source “{6}” and
managed in
security domain
“{5}”.

50 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10289 MOVE_PRINCIPAL_WITHIN User moved System attempted

_IDENTITYSOURCE within identity to update the DN
source for principal “{4}”
because the
principal was
moved in the
directory server.
The principal is
stored in identity
source “{6}” and
managed in
security domain
“{5}”.

eventAdmin 10290 UPDATE_PRINCIPAL_FOR Update principal System attempted

_LDAP_CHANGE to update principal
“{4}” based on
changes made in
identity source
“{6}”.

eventAdmin 10291 RESTORE_ADMIN Restore admin System attempted

to create Super
Admin “{11}”
using restore
admin utility.

eventAdmin 10292 CREATE_SYSTEMFIELDS Create system Super

_USER user Administrator
“{0}” attempted to
create system user
“{4}”. System user
accounts have no
attributes other
than a userID and
password.

eventAdmin 10293 DELETE_SYSTEMFIELDS Delete system Super

_USER user Administrator
“{0}” attempted to
delete system user
“{4}”. System user
accounts have no
attributes other
than a userID and
password.

2: RSA Authentication Manager Log Messages 51

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 10294 UPDATE_WEBTIER Update Webtier Administrator

_CUSTOMIZATION Customization “{0}” attempted to
update WebTier
Customization
Configuration
“{4}”

eventAdmin 20001 CREATE_AM_PRINCIPAL Create Principal Administrator

“{0}” attempted to
create principal
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}”

eventAdmin 20002 UPDATE_AM_PRINCIPAL Update Principal User “{0}”

attempted to
update principal
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}”

eventAdmin 20003 DELETE_AM_PRINCIPAL Delete Principal Administrator

“{0}” attempted to
delete principal
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}”

eventAdmin 20004 READ_AM_PRINCIPAL Read Principal Administrator

_EMERGENCY_ACCESS_INFO Emergency “{0}” attempted to
Access Info read principal
emergency access
info “{4}” stored
in identity source
“{6}” managed in
security domain
“{5}”

52 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20005 CLEARBADPASSCODES Clear Bad Administrator

Passcodes “{0}” attempted to
clear bad
passcodes “{4}”
managed in
security domain
“{5}”

eventAdmin 20006 READ_AM_TOKEN_OFFLINE Read Token Administrator

_EMERGENCY_ACCESS_INFO Offline “{0}” attempted to
Emergency read offline
Access Info emergency access
info for token
“{4}” managed in
security domain
“{5}”

eventAdmin 20007 READ_AM_TOKEN_ONLINE Read Token Administrator

_EMERGENCY_ACCESS_INFO Online “{0}” attempted to
Emergency read online
Access Info emergency access
info for token
“{4}” managed in
security domain
“{5}”

eventAdmin 20008 UPDATE_AM_TOKEN_ONLINE Update Token Administrator

_EMERGENCY_ACCESS_INFO Online “{0}” attempted to
Emergency update online
Access Info emergency access
info for token
“{4}” managed in
security domain
“{5}”

eventAdmin 20009 AM_TOKEN_ENABLED Enable Token Administrator

“{0}” attempted to
enable token “{4}”
managed in
security domain
“{5}”.

2: RSA Authentication Manager Log Messages 53

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20010 AM_TOKEN_DISABLED Disable Token Administrator

“{0}” attempted to
disable token
“{4}” managed in
security domain
“{5}”

eventAdmin 20011 AM_CLEAR_TOKEN_PIN Clear Token Pin Administrator

“{0}” attempted to
clear pin for token
“{4}” managed in
security domain
“{5}”

eventAdmin 20012 AM_SET_NEW_PIN_MODE Set New Pin Administrator

Mode “{0}” attempted to
set new pin mode
for token “{4}”
managed in
security domain
“{5}”

eventAdmin 20013 AM_RESET_PIN Reset Token Pin Administrator

“{0}” attempted to
reset token pin
“{4}” managed in
security domain
“{5}”

eventAdmin 20014 AUTHMGR_AGENT_CREATE Create Agent Administrator

“{0}” attempted to
create agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20015 AM_ASSIGN_FIXED Assign Fixed Administrator

_PASSCODE Passcode “{0}” attempted to
assign a fixed
passcode for token
“{4}” managed in
security domain
“{5}”

54 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20016 AM_UNASSIGN_FIXED Unassign Fixed Administrator

_PASSCODE Passcode “{0}” attempted to
unassign a fixed
passcode for token
“{4}” managed in
security domain
“{5}”

eventAdmin 20017 AUTHMGR_AGENT_DELETE Delete Agent Administrator

“{0}” attempted to
delete agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20018 AUTHMGR_AGENT_ENABLE Enable Agent Administrator

“{0}” attempted to
enable agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20019 AUTHMGR_AGENT_READ Read Agent Administrator

“{0}” attempted to
read agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20020 AUTHMGR_AGENT_UPDATE Update Agent Administrator

“{0}” attempted to
update agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20021 AUTHMGR_AGENT_LINK Link Agent and Administrator

_APSLIST Agent Protocol “{0}” attempted to
Server List link agent “{4}”
managed in
security domain
“{5}” with agent
protocol server list
“{8}” managed in
security domain
“{9}”

2: RSA Authentication Manager Log Messages 55

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20024 READ_AM_PRINCIPAL Read Principal Administrator

“{0}” attempted to
read principal
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}”

eventAdmin 20025 IMPORT_TOKEN Import Token Administrator

“{0}” attempted to
import token “{4}”
managed in
security domain
“{5}”

eventAdmin 20026 CREATE_AM_TOKEN Create Token Administrator

“{0}” attempted to
create token “{4}”
managed in
security domain
“{5}”

eventAdmin 20027 UPDATE_AM_TOKEN Update Token Administrator

“{0}” attempted to
update token “{4}”
managed in
security domain
“{5}”

eventAdmin 20028 DELETE_AM_TOKEN Delete Token Administrator

“{0}” attempted to
delete token “{4}”
managed in
security domain
“{5}”

eventAdmin 20029 SEARCH_AM_TOKEN Search Token Administrator

“{0}” attempted to
search for tokens
managed in
security domain
“{5}”

56 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20030 NEXT_AVAILABLE_AM Get Next Administrator

_TOKEN Available Token “{0}” attempted to
get the next
available token
managed in
security domain
“{5}”

eventAdmin 20031 AUTHMGR_TOKEN Delete Token Administrator

_ATTRIBUTE_DELETE Attribute “{0}” attempted to
delete attribute
token “{4}”
managed in
security domain
“{5}”

eventAdmin 20032 AUTHMGR_TOKEN Create Token Administrator

_ATTRIBUTE_CREATE Attribute “{0}” attempted to
create attribute for
token “{4}”
managed in
security domain
“{5}”

eventAdmin 20033 AUTHMGR_TOKEN Update Token Administrator

_ATTRIBUTE_UPDATE Attribute “{0}” attempted to
update attribute for
token “{4}”
managed in
security domain
“{5}”

eventAdmin 20034 AUTHMGR_CR_TRUSTED Create Trusted Administrator

_REALM_CREATE Realm “{0}” attempted to
create trusted
realm “{4}” stored
in identity source
“{6}” managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 57

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20035 AUTHMGR_CTKIP Create CTKIP Administrator

_AUTHCODE_CREATE Authcode “{0}” attempted to
create CTKIP
authcode “{4}”
managed in
security domain
“{5}”

eventAdmin 20036 AUTHMGR_CTKIP Delete CTKIP Administrator

_AUTHCODE_DELETE Authcode “{0}” attempted to
delete CTKIP
authcode “{4}”
managed in
security domain
“{5}”

eventAdmin 20037 AUTHMGR_CTKIP Read CTKIP Administrator

_AUTHCODE_READ Authcode “{0}” attempted to
read CTKIP
authcode “{4}”
managed in
security domain
“{5}”

eventAdmin 20038 AUTHMGR_CTKIP Manage CTKIP Administrator

_MANAGEMENT “{0}” attempted to
manage CTKIP
“{4}” managed in
security domain
“{5}”

eventAdmin 20039 AUTHMGR_TOKEN_SET Set Tokencode Administrator

_TOKENCODE_ONLY only “{0}” attempted to
_PINTYPE set tokencode only
pintype for token
“{4}” managed in
security domain
“{5}”

eventAdmin 20040 AUTHMGR_TOKEN_SET Set Token Administrator

_PASSCODE_PINTYPE Passcode Pin type “{0}” attempted to
set passcode pin
type for token
“{4}” in security
domain “{5}”

58 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20041 SYNC_TOKENS Sync Token Administrator

“{0}” attempted to
sync token “{4}”
managed in
security domain
“{5}”

eventAdmin 20042 READ_AM_TOKEN Read Token Administrator

_EMERGENCY_ACCESS_INFO Emergency “{0}” attempted to
Access Info read token
emergency access
“{4}” info
managed in
security domain
“{5}”

eventAdmin 20043 READ_TOKEN Read Token Administrator

“{0}” attempted to
read token “{4}”
managed in
security domain
“{5}”

eventAdmin 20044 UPDATE_AM_TOKEN Update Token Administrator

_OFFLINE_EMERGENCY Offline “{0}” attempted to
_ACCESS_INFO Emergency update offline
Access Info emergency acess
info for token
“{4}” managed in
security domain
“{5}”

eventAdmin 20045 AM_LINK_TOKEN_PRINCIPAL Link Token with Administrator

Principal “{0}” attempted to
link token “{4}”
managed in
security domain
“{5}” with
principal “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

2: RSA Authentication Manager Log Messages 59

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20046 AM_UNLINK_TOKEN Unlink Token Administrator

_PRINCIPAL with Principal “{0}” attempted to
unlink token
“{4}” managed in
security domain
“{5}” with
principal “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

eventAdmin 20047 AUTHMGR_TOKEN_STAT Search Token Administrator

_SEARCH Statistics “{0}” attempted to
search for token
statistics managed
in security domain
“{5}” with
principal “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

eventAdmin 20048 AUTHMGR_OFFLINE Create Offline Administrator

_AUTHN_POLICY_CREATE Authentication “{0}” attempted to
Policy create offline
authentication
policy “{4}”
managed in
security domain
“{5}”

eventAdmin 20049 AUTHMGR_OFFLINE_AUTHN Delete Offline Administrator

_POLICY_DELETE Authentication “{0}” attempted to
Policy delete offline
authentication
policy “{4}”
managed in
security domain
“{5}”

60 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20050 AUTHMGR_OFFLINE_AUTHN Read Offline Administrator

_POLICY_READ Authentication “{0}” attempted to
Policy read offline
authentication
policy “{4}”
managed in
security domain
“{5}”

eventAdmin 20051 AUTHMGR_OFFLINE_AUTHN Update Offline Administrator

_POLICY_UPDATE Authentication “{0}” attempted to
Policy update offline
authentication
policy “{4}”
managed in
security domain
“{5}”

eventAdmin 20052 AUTHMGR_TOKEN_POLICY Create Token Administrator

_CREATE Policy “{0}” attempted to
create token policy
“{4}” managed in
security domain
“{5}”

eventAdmin 20053 AUTHMGR_TOKEN_POLICY Update Token Administrator

_UPDATE Policy “{0}” attempted to
update token
policy “{4}”
managed in
security domain
“{5}”

eventAdmin 20054 AUTHMGR_TOKEN_POLICY Delete Token Administrator

_DELETE Policy “{0}” attempted to
delete token policy
“{4}” managed in
security domain
“{5}”

eventAdmin 20055 AUTHMGR_TOKEN_POLICY Read Token Administrator

_READ Policy “{0}” attempted to
read token policy
“{4}” managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 61

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20056 INSUFFICIENT_PRIVILEGE Insufficient Administrator

Privilege “{0}” attempted
an action having
insufficient
privileges

eventAdmin 20057 AUTHMGR_AGENT_GROUP Link or Unlink Administrator

_LINK_UNLINK Agent with Group “{0}” attempted to
link agent “{4}”
managed in
security domain
“{5}” with group
“{8}” stored in
identity source
“{10}” managed in
security domain
“{9}”

eventAdmin 20058 AUTHMGR_AGENT_GROUP Link Agent with Administrator

_LINK Group “{0}” attempted to
link agent “{4}”
managed in
security domain
“{5}” with group
“{8}” stored in
identity source
“{10}” managed in
security domain
“{9}”

eventAdmin 20059 AUTHMGR_AGENT_GROUP UnLink Agent Administrator

_UNLINK with Group “{0}” attempted to
unlink agent “{4}”
managed in
security domain
“{5}” with group
“{8}” stored in
identity source
“{10}” managed in
security domain
“{9}”

62 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20060 AUTHMGR_AGENT_DISABLE Disable Agent Administrator

“{0}” attempted to
disable agent
“{4}” managed in
security domain
“{5}”

eventAdmin 20061 AUTHMGR_NODE_SECRET Agent Node Administrator

_EXPORTED Secret Export “{0}” attempted to
export node secret
file for agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20062 AUTHMGR_AGENT_MOVED Move Agent Administrator

“{0}” attempted to
move agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20063 AUTHMGR_AGENT_CLEAR Clear Agent Node Administrator

_NODESECRET Secret “{0}” attempted to
clear node secret
for agent “{4}”
managed in
security domain
“{5}”

eventAdmin 20064 AUTHMGR_APS_LOOKUP Lookup Agent Administrator

Protocol Server “{0}” attempted to
lookup Agent
Protocol Server
“{4}” managed in
security domain
“{5}”

eventAdmin 20065 AUTHMGR_APS_GENERATE Generate Agent Administrator

_CONFIG Protocol Server “{0}” attempted to
Config generate Agent
Protocol Server
Config “{4}”

2: RSA Authentication Manager Log Messages 63

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20066 AUTHMGR_APS_CREATE Create Agent Administrator

Protocol Server “{0}” attempted to
create Agent
Protocol Server
“{4}” managed in
security domain
“{5}”

eventAdmin 20067 AUTHMGR_APS_DELETE Delete Agent Administrator

Protocol Server “{0}” attempted to
delete Agent
Protocol Server
“{4}” managed in
security domain
“{5}”

eventAdmin 20068 AUTHMGR_APS_UPDATE Update Agent Administrator

Protocol Server “{0}” attempted to
update Agent
Protocol Server
“{4}” managed in
security domain
“{5}”

eventAdmin 20069 AUTHMGR_APS_LOOKUP_BY Lookup Agent Administrator

_IP Protocol Server “{0}” attempted to
by IP lookup Agent
Protocol Server by
IP “{4}” managed
in security domain
“{5}”

eventAdmin 20070 AUTHMGR_APS_LIST Create Agent Administrator

_CREATE Protocol Server “{0}” attempted to
List create Agent
Protocol Server list
“{4}” managed in
security domain
“{5}”

64 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20071 AUTHMGR_APS_LIST Delete Agent Administrator

_DELETE Protocol Server “{0}” attempted to
List delete Agent
Protocol Server
List “{4}”
managed in
security domain
“{5}”

eventAdmin 20072 AUTHMGR_APS_LIST Update Agent Administrator

_UPDATE Protocol Server “{0}” attempted to
List update Agent
Protocol Server
List “{4}”
managed in
security domain
“{5}”

eventAdmin 20073 AUTHMGR_APS_LIST Lookup Agent Administrator

_LOOKUP Protocol Server “{0}” attempted to
List lookup Agent
Protocol Server
List “{4}”
managed in
security domain
“{5}”

eventAdmin 20074 AUTHMGR_HOST_CREATE Create Host Administrator

“{0}” attempted to
create host “{4}”
managed in
security domain
“{5}”

eventAdmin 20075 AUTHMGR_HOST_DELETE Delete Host Administrator

“{0}” attempted to
delete host “{4}”
managed in
security domain
“{5}”

eventAdmin 20076 AUTHMGR_HOST_UPDATE Update Host Administrator

“{0}” attempted to
update host “{4}”
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 65

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20077 AUTHMGR_HOST_LOOKUP Update Host Administrator

“{0}” attempted to
lookup host “{4}”
managed in
security domain
“{5}”

eventAdmin 20078 AUTHMGR_HOST_LOOKUP Update Host By Administrator

_BY_IP IP “{0}” attempted to
lookup host by IP
“{4}” managed in
security domain
“{5}”

eventAdmin 20079 AUTHMGR_HOST_LOOKUP Update Host By Administrator

_BY_IPPROXY IP Proxy “{0}” attempted to
lookup host by IP
proxy “{4}”
managed in
security domain
“{5}”

eventAdmin 20080 AUTHMGR_HOST_FIND Find Host Case Administrator

_INSENSITIVE Insensitive “{0}” attempted to
find host case
insensitive “{4}”
managed in
security domain
“{5}”

eventAdmin 20081 AUTHMGR_FILE_CREATE Create File Data Administrator

“{0}” attempted to
create file “{4}”
managed in
security domain
“{5}”

eventAdmin 20082 AUTHMGR_FILE_READ Read File Data Administrator

“{0}” attempted to
read file “{4}”
managed in
security domain
“{5}”

66 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20083 AUTHMGR_FILE_DELETE Delete File Data Administrator

“{0}” attempted to
delete file “{4}”
managed in
security domain
“{5}”

eventAdmin 20084 AUTHMGR_FILE_UPDATE Update File Data Administrator

“{0}” attempted to
update file “{4}”
managed in
security domain
“{5}”

eventAdmin 20085 AUTHMGR_REALM_ADD Create Realm Administrator

“{0}” attempted to
create realm “{4}”
managed in
security domain
“{5}”

eventAdmin 20086 AUTHMGR_OFFLINE_ADMIN Offline Admin Administrator

_POLICY_ACTION Policy Action “{0}” attempted to
manipulate admin
policy “{4}”
managed in
security domain
“{5}”

eventAdmin 20087 AUTH_NODE_SECRET_FILE Download Agent Administrator

_DOWNLOADED Node Secret File “{0}” attempted to
download node
secret file for agent
“{4}” managed in
security domain
“{5}”

eventAdmin 20088 AUTHMGR_SERVER_CONFIG Download Agent Administrator

_DOWNLOAD Protocol Server “{0}” attempted to
Config download Agent
Protocol Server
Config “{4}”

2: RSA Authentication Manager Log Messages 67

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20089 EXPORT_SOFT_TOKEN Export Soft Administrator

Token “{0}” attempted to
export soft token
“{4}” managed in
security domain
“{5}”

eventAdmin 20090 AUTHMGR_SD_PREDELETE Validate Predelete Administrator

_VALIDATION “{0}” attempted to
validate predeleted
security domain
properties

eventAdmin 20091 AUTHMGR_REALM Delete Token Administrator

_PREDELETE_TOKEN_ATTR attributes from “{0}” attempted to
_DELETE Security Domain delete token
attributes “{4}”
managed in
security domain
“{5}”

eventAdmin 20092 AUTHMGR_REALM Delete Token Administrator

_PREDELETE_TOKEN from Security “{0}” attempted to
_DELETE Domain delete token “{4}”
managed in
security domain
“{5}”

eventAdmin 20093 AUTHMGR_REALM Delete Host from Administrator

_PREDELETE_HOST_DELETE Security Domain “{0}” attempted to
delete host “{4}”
managed in
security domain
“{5}”

eventAdmin 20094 AUTHMGR_REALM Delete Agent Administrator

_PREDELETE_AGENT from Security “{0}” attempted to
_DELETE Domain delete agent “{4}”
managed in
security domain
“{5}”

68 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20095 CTKIP_GENERATE_KEY Generate CTKIP Administrator

Key “{0}” attempted to
generate CTKIP
key for CTKIP
data “{4}”
managed in
security domain
“{5}”

eventAdmin 20096 AM_REPORT_GENERATE Principal Never Attempting to

_PRINCIPAL_NEVER_LOGGED Logged In Report generate a report
_IN for principals who
have never logged
in using their
tokens

eventAdmin 20097 AM_REPORT_SECDOMAIN Lookup Security Looking up a

_LOOKUP Domain for security domain
Reporting for reporting

eventAdmin 20098 AM_REPORT_IDENTITY Lookup Identity Looking up an

_LOOKUP Source for identity source for
Reporting reporting

eventAdmin 20099 SD_OAPOL_ASSOC Apply Offline Applying an

Authentication offline
Policy to Security authentication
Domain policy to a security
domain

eventAdmin 20100 SD_OAPOL_DISASSOC Apply Realm Applying the

Default Offline realm default
Authentication offline
Policy to Security authentication
Domain policy to a security
domain

eventAdmin 20101 SD_TKNPOL_ASSOC Apply Token Applying a token

Policy to Security policy to a security
Domain domain

eventAdmin 20102 SD_TKNPOL_DISASSOC Apply Realm Applying the

Default Token realm default
Policy to Security token policy to a
Domain security domain

2: RSA Authentication Manager Log Messages 69

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20103 AM_TOKEN_GENERATE Generate Administrator

_ONLINE_EA Emergency “{0}” attempted to
Access Code generate an
emergency access
code for principal
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}”

eventAdmin 20104 AUTHMGR_APS Agent Protocol Administrator

_SYNCHRONIZATION Server “{0}” attempted to
Synchronization synchronize agent
protocol servers

eventAdmin 20105 LINK_UNLINK_TOKEN Link or Unlink Administrator

_PRINCIPAL Token and “{0}” attempted to
Principal link or unlink
token “{4}”
managed in
security domain
“{5}” with
principal “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

eventAdmin 20106 MIGRATION_INSUFFICIENT Migration Administrator

_PRIVILEGE Inusfficient “{0}” does not
Privilege have sufficient
privileges to
perform migration

eventAdmin 20107 AUTHMGR_CREATE_GROUP Create Time Administrator

_RESTRICTED_ACCESS Restricted Access “{0}” attempted to
_HOURS Hours create Time
Restricted Access
Hours “{4}”
managed in
security domain
“{5}”

70 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20108 AUTHMGR_UPDATE_GROUP Update Time Administrator

_RESTRICTED_ACCESS Restricted Access “{0}” attempted to
_HOURS Hours update Time
Restricted Access
Hours “{4}”
managed in
security domain
“{5}”

eventAdmin 20109 AUTHMGR_READ_GROUP Read Time Administrator

_RESTRICTED_ACCESS Restricted Access “{0}” attempted to
_HOURS Hours read Time
Restricted Access
Hours “{4}”
managed in
security domain
“{5}”

eventAdmin 20110 TRUSTED_USER_GROUP Create Trusted Administrator

_CREATE User Group “{0}” attempted to
create Trusted
User Group “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20111 TRUSTED_USER_GROUP Update Trusted Administrator

_UPDATE User Group “{0}” attempted to
update Trusted
User Group “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20112 TRUSTED_USER_GROUP Delete Trusted Administrator

_DELETE User Group “{0}” attempted to
delete Trusted
User Group “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 71

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20113 TRUSTED_USER_GROUP Lookup a Trusted Administrator

_READ User Group looked up a trusted
user group

eventAdmin 20114 TRUSTED_USER_GROUP Link a Trusted Administrator

_REMOTE_PRINCIPAL_LINK User Group to a “{0}” attempted to
Trusted User link trusted user
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}” with trusted
user group “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

eventAdmin 20115 TRUSTED_USER_GROUP Unlink a Trusted Administrator

_AGENT_UNLINK User Group to an “{0}” attempted to
Agent unlink agent “{4}”
managed in
security domain
“{5}” with trusted
user group “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

eventAdmin 20116 TRUSTED_USER_GROUP Link a Trusted Administrator

_PROFILE_LINK_UNLINK User Group to a linked a trusted
Profile user group to a
profile

eventAdmin 20117 REMOTE_PRINCIPAL_CREATE Create Trusted Administrator

User “{0}” attempted to
create trusted user
“{4}” for trusted
realm “{11}”
managed in local
security domain
“{5}”

72 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20118 REMOTE_PRINCIPAL_UPDATE Update Trusted Administrator

User “{0}” attempted to
update trusted user
“{4}” for trusted
realm “{11}”
managed in local
security domain
“{5}”

eventAdmin 20119 REMOTE_PRINCIPAL_DELETE Delete Trusted Administrator

User “{0}” attempted to
delete trusted user
“{4}” for trusted
realm “{11}”
managed in local
security domain
“{5}”

eventAdmin 20120 REMOTE_PRINCIPAL_READ Look up Trusted Administrator

User “{0}” attempted to
look up trusted
user “{4}” for
trusted realm
“{11}” managed in
local security
domain “{5}”

eventAdmin 20121 AM_TIME_RESTRICTED Add Time Administrator

_ACCESS_ADD Restricted Access “{0}” added Time
to a Group Restricted Access
to Group “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20122 AM_TIME_RESTRICTED Update Time Administrator

_ACCESS_UPDATE Restricted Access “{0}” updated
for a Group Time Restricted
Access for Group
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 73

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20123 AM_TIME_RESTRICTED Delete Time Administrator

_ACCESS_DELETE Restricted Access “{0}” deleted
from a Group Time Restricted
Access from
Group “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20124 AUTHMGR_TOKENTYPES Manage Administrator

_MANAGEMENT TokenType and “{0}” attempted to
SoftTokenDevice manage
Type TokenType and
SoftTokenDeviceT
ype “{4}”
managed in
security domain
“{5}”

eventAdmin 20125 AUTHMGR Manage Administrator

_SELFSERVICETOKEN SelfServiceToken “{0}” attempted to
_MANAGEMENT manage
SelfServiceToken

eventAdmin 20126 REMOTE_PRINCIPAL_ATTR Create a Trusted Administrator

_VALUE_CREATE User Attribute created a trusted
user Attribute

eventAdmin 20127 REMOTE_PRINCIPAL_ATTR Update a Trusted Administrator

_VALUE_UPDATE User Attribute updated a trusted
User Attribute

eventAdmin 20128 REMOTE_PRINCIPAL_ATTR Delete a Trusted Administrator

_VALUE_DELETE User Attribute deleted a trusted
user Attribute

eventAdmin 20129 REMOTE_PRINCIPAL_ATTR Look up a Trusted Administrator

_VALUE_READ User Attribute looked up a trusted
user Attribute

74 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20130 DISABLE_EMERGENCY Disabled Administrator

_ACCESS emergency access “{0}” disabled
emergency access
for the token “{4}”
managed in
security domain
“{5}” that belongs
to the principal
“{8}” stored in
identity source
“{10}” and
managed in
security domain
“{9}”.

eventAdmin 20131 ENABLED_EA_FIXED Token marked as Administrator

_TOKENCODE lost. Enabled “{0}” marked
emergency access token “{4}”
fixed token code. managed in
security domain
“{5}” that belongs
to the principal
“{8}” stored in
identity source
“{10}” and
managed in
security domain
“{9}” as lost.
Enabled
emergency access
fixed token code.

2: RSA Authentication Manager Log Messages 75

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20132 ENABLED_EA_ONE_TIME Token marked as Administrator

_TOKENCODE lost. Enabled “{0}” marked
emergency access token “{4}”
one time token managed in
code. security domain
“{5}” that belongs
to the principal
“{8}” stored in
identity source
“{10}” and
managed in
security domain
“{9}” as lost.
Enabled
emergency access
one time token
code.

eventAdmin 20133 UPDATE_EA_FIXED Updated Administrator

_TOKENCODE emergency access “{0}” updated
fixed token code. emergency access
fixed token code
for the token “{4}”
managed in
security domain
“{5}” that belongs
to the principal
“{8}” stored in
identity source
“{10}” and
managed in
security domain
“{9}”.

76 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20134 UPDATE_EA_ONE_TIME Updated Administrator

_TOKENCODE emergency access “{0}” updated
one time token emergency access
code. one time token
code for the token
“{4}” managed in
security domain
“{5}” that belongs
to the principal
“{8}” stored in
identity source
“{10}” and
managed in
security domain
“{9}”.

eventAdmin 20135 GENERATED_EA_FIXED Generated Administrator

_TOKENCODE emergency access “{0}” generated
fixed token code. emergency access
fixed token code
for the token “{4}”
managed in
security domain
“{5}”.

eventAdmin 20136 GENERATED_EA_ONE_TIME Generated Administrator

_TOKENCODE emergency access “{0}” generated
one time token emergency access
code. one time token
code for the token
“{4}” managed in
security domain
“{5}”.

eventAdmin 20137 TRUSTED_USER_GROUP Link a Trusted Administrator

_ACCESS_HOURS_LINK User Group to a linked a trusted
_UNLINK Time Restricted user group to a
Access Hours time restricted
access hours

2: RSA Authentication Manager Log Messages 77

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20138 AM_LINK_SOFT_TOKEN Link Software Administrator

_DEVICE_TYPE Token with “{0}” attempted to
Software Token link software token
Device Type “{4}” managed in
Definition security domain
“{5}” with
software token
device type
definition “{8}”
stored in system

eventAdmin 20139 AM_UNLINK_SOFT_TOKEN Unlink Software Administrator

_DEVICE_TYPE Token from “{0}” attempted to
Software Token unlink software
Device Type token “{4}”
Definition managed in
security domain
“{5}” with
software token
device type
definition “{8}”
stored in system

eventAdmin 20140 AM_TURN_ON_EVENTTOKEN Turn on the Administrator

_DB_RECOVERY database recovery “{0}” attempted to
mode for turn on event token
event-based database recovery
tokens mode

eventAdmin 20141 AM_TURN_OFF Turn off the Administrator

_EVENTTOKEN_DB database recovery “{0}” attempted to
_RECOVERY mode for turn off event
event-based token database
tokens recovery mode

eventAdmin 20142 AM_RADIUS_ATTRDEF Create new Administrator

_CREATE RADIUS “{0}” attempted to
Attribute create a new
Definition RADIUS Attribute
Definition

eventAdmin 20143 AM_RADIUS_ATTRDEF Update a Administrator

_UPDATE RADIUS “{0}” attempted to
Attribute update a RADIUS
Definition Attribute
Definition

78 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20144 AM_RADIUS_ATTRDEF Delete a RADIUS Administrator

_DELETE Attribute “{0}” attempted to
Definition delete a RADIUS
Attribute
Definition

eventAdmin 20145 AM_RADIUS_ATTRDEF_READ View RADIUS Administrator

Attribute “{0}” attempted to
Definition view a RADIUS
Attribute
Definition

eventAdmin 20146 DISTRIBUTE_SOFT_TOKEN Distribute Soft Administrator

_CTKIP Token through “{0}” attempted to
CT-KIP distribute software
token “{4}”
through CT-KIP
managed in
security domain
“{5}”

eventAdmin 20147 AM_ENABLE_PRINCIPAL_FOR Enabled Principal Administrator

_SMS for On-Demand “{0}” attempted to
Authentication enable principal
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}” for
On-Demand
Authentication

eventAdmin 20148 AM_DISABLE_PRINCIPAL Disabled Administrator

_FOR_SMS Principal for “{0}” attempted to
On-Demand disable principal
Authentication “{4}” stored in
identity source
“{6}” managed in
security domain
“{5}” for
On-Demand
Authentication

2: RSA Authentication Manager Log Messages 79

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20149 AM_RADIUS_ATTRVAL Manage RADIUS Administrator

_MANAGE Attribute Values “{0}” modified
RADIUS Attribute
Values for
principal “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20150 AM_UPDATE_SMS_FOR Updated Administrator

_PRINCIPAL On-Demand “{0}” attempted to
Authentication update
Attributes for On-Demand
Principal Authentication for
principal “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20151 MANAGE_SMS Manage Administrator

_AUTHENTICATOR On-Demand “{0}” attempted to
Authenticator manage
On-Demand
Authenticator for
principal “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20152 MANAGE_SMS_PIN Update Administrator

On-Demand PIN “{0}” attempted to
set On-Demand
PIN for principal
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}”

80 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20153 IMPORT_SOFT_TOKEN Import Software Administrator

_DEVICE_TYPE Token Device “{0}” attempted to
Definition import new
software token
device definition
package file

eventAdmin 20154 AM61_MIGRATED_LOG AM61 Migrated AM61 Migrated

_MESSAGE log message log message

eventAdmin 20155 MANAGE_PUK_LOOKUP Manage Pin Administrator

Unlock Key “{0}” attempted to
(PUK) lookup PUK data
for token “{4}”
managed in
security domain
“{5}”

eventAdmin 20156 AM_TOKEN_ATTRDEF Create new Token Administrator

_CREATE Attribute “{0}” attempted to
Definition create a new Token
Attribute
Definition

eventAdmin 20157 AM_TOKEN_ATTRDEF Update a Token Administrator

_UPDATE Attribute “{0}” attempted to
Definition update a Token
Attribute
Definition

eventAdmin 20158 AM_TOKEN_ATTRDEF Delete a Token Administrator

_DELETE Attribute “{0}” attempted to
Definition delete a Token
Attribute
Definition

eventAdmin 20159 AM_TOKEN_ATTRDEF_READ View Token Administrator

Attribute “{0}” attempted to
Definition view a Token
Attribute
Definition

2: RSA Authentication Manager Log Messages 81

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20160 REALM_SETTINGS_CREATE Create Realm Administrator

Settings “{0}” attempted to
create Realm
Settings for
security domain
“{5}”

eventAdmin 20161 REALM_SETTINGS_DELETE Delete Realm Administrator

Settings “{0}” attempted to
delete Realm
Settings for
security domain
“{5}”

eventAdmin 20162 REALM_SETTINGS_UPDATE Update Realm Administrator

Settings “{0}” attempted to
update Realm
Settings “{11}” for
security domain
“{5}”

eventAdmin 20163 REALM_SETTINGS_READ Lookup Realm Administrator

Settings “{0}” attempted to
look up Realm
Settings for
security domain
“{5}”

eventAdmin 20164 AM_RADIUS_CREATE Create RADIUS Administrator

_CLIENT Client “{0}” attempted to
create RADIUS
client “{4}” stored
in managed in
security domain
“{5}”

eventAdmin 20165 AM_RADIUS_VIEW_CLIENT View RADIUS Administrator

Client “{0}” attempted to
view RADIUS
client “{4}” stored
in managed in
security domain
“{5}”

82 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20166 AM_RADIUS_UPDATE Update RADIUS Administrator

_CLIENT Client “{0}” attempted to
update RADIUS
client “{4}”
managed in
security domain
“{5}”

eventAdmin 20167 AM_RADIUS_DELETE Delete RADIUS Administrator

_CLIENT Client “{0}” attempted to
delete RADIUS
client “{4}”
managed in
security domain
“{5}”

eventAdmin 20168 AM_RADIUS_CREATE Create RADIUS Administrator

_PROFILE Profile “{0}” attempted to
create RADIUS
profile “{4}”
managed in
security domain
“{5}”

eventAdmin 20169 AM_RADIUS_VIEW_PROFILE View RADIUS Administrator

Profile “{0}” attempted to
view RADIUS
profile “{4}”
managed in
security domain
“{5}”

eventAdmin 20170 AM_RADIUS_UPDATE Update RADIUS Administrator

_PROFILE Profile “{0}” attempted to
update RADIUS
profile “{4}”
managed in
security domain
“{5}”

eventAdmin 20171 AM_RADIUS_DELETE Delete RADIUS Administrator

_PROFILE Profile “{0}” attempted to
delete RADIUS
profile “{4}”
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 83

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20172 AM_RADIUS_CREATE Create RADIUS Administrator

_SERVER Server “{0}” attempted to
create RADIUS
server “{4}”
managed in
security domain
“{5}”

eventAdmin 20173 AM_RADIUS_VIEW_SERVER View RADIUS Administrator

Server “{0}” attempted to
view RADIUS
server “{4}”
managed in
security domain
“{5}”

eventAdmin 20174 AM_RADIUS_UPDATE Update RADIUS Administrator

_SERVER Server “{0}” attempted to
update RADIUS
server “{4}”
managed in
security domain
“{5}”

eventAdmin 20175 AM_RADIUS_DELETE Delete RADIUS Administrator

_SERVER Server “{0}” attempted to
delete RADIUS
server “{4}”
managed in
security domain
“{5}”

eventAdmin 20176 AM_RADIUS_CREATE Create RADIUS Administrator

_POLICY Realm Settings “{0}” attempted to
create RADIUS
Realm settings
“{4}” managed in
security domain
“{5}”

eventAdmin 20177 AM_RADIUS_VIEW_POLICY View RADIUS Administrator

Realm Settings “{0}” attempted to
view RADIUS
Realm settings
“{4}” managed in
security domain
“{5}”

84 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20178 AM_RADIUS_UPDATE Update RADIUS Administrator

_POLICY Realm Settings “{0}” attempted to
update RADIUS
Realm settings
“{4}” managed in
security domain
“{5}”

eventAdmin 20179 AM_RADIUS_DELETE Delete RADIUS Administrator

_POLICY Realm settings “{0}” attempted to
delete RADIUS
Realm settings
“{4}” managed in
security domain
“{5}”

eventAdmin 20180 AM_RADIUS_LINK_PROFILE Assign RADIUS Administrator

_AGENT Profile to Agent “{0}” attempted to
assign RADIUS
profile “{4}” to
Agent “{8}”
managed in
security domain
“{5}”

eventAdmin 20181 AM_RADIUS_LINK_PROFILE Assign RADIUS Administrator

_PRINCIPAL Profile to “{0}” attempted to
Principal assign RADIUS
profile “{4}” to
Principal “{8}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20182 AM_RADIUS_UNLINK Unassign Administrator

_PROFILE_AGENT RADIUS Profile “{0}” attempted to
from Agent unassign RADIUS
profile from Agent
“{4}” managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 85

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20183 AM_RADIUS_UNLINK Unassign Administrator

_PROFILE_PRINCIPAL RADIUS Profile “{0}” attempted to
from Principal unassign RADIUS
profile from
Principal “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20184 AM_RADIUS_REPLICATION Initiate RADIUS Administrator

_PUBLISH Replication “{0}” attempted to
initiate replication
of RADIUS data in
security domain
“{5}”

eventAdmin 20185 AM_RADIUS_REPLICATION Notify Server for Administrator

_NOTIFY RADIUS “{0}” attempted to
Replication initiate RADIUS
replication in
security domain
“{5}”

eventAdmin 20186 AM_RADIUS_LINK_PROFILE Assign RADIUS Administrator

_PRINCIPAL_ALIAS Profile to “{0}” attempted to
Principal Alias assign RADIUS
profile “{4}” to
Principal “{8}”
Alias “{11}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAdmin 20187 AM_RADIUS_UNLINK Unassign Administrator

_PROFILE_PRINCIPAL_ALIAS RADIUS Profile “{0}” attempted to
from Principal unassign RADIUS
Alias profile from
Principal “{4}”
Alias “{11}”
managed in
security domain
“{5}”

86 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20188 AM_ON_DEMAND Update Administrator

_CONFIGURATION_UPDATE On-Demand “{0}” attempted to
Configuration update
On-Demand
configuration in
realm “{5}”

eventAdmin 20189 AM_ACTIVITY_MONITOR Read Activity Administrator

_READ Monitor “{0}” attempted to
read activity
monitor

eventAdmin 20190 TRANSMIT_TEST_TXT_MSG Test SMS Attempted to

_SMS Provider transmit text
Integration message to “{4}”
to test integration
with provider
“{11}”

eventAdmin 20191 RESYNC_AM_TOKEN Resynchronize Administrator

Token “{0}” attempted to
resynchronize
token “{4}”
managed in
security domain
“{5}”

eventAdmin 20192 AM_APS_AUTO_REG Enable Agent Administrator

_ENABLED Auto-registration “{0}” enabled
Agent
Auto-registration

eventAdmin 20193 AM_APS_AUTO_REG Agent Administrator

_DEFAULT_REALM Auto-registratrion “{0}” updated
Default Realm Agent
Auto-registration's
Default Realm

eventAdmin 20194 AM_APS_AUTO_REG Agent Administrator

_PROTOCOL Auto-registratrion “{0}” updated
Protocol Agent
Auto-registratrion
Protocol

2: RSA Authentication Manager Log Messages 87

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20195 AM_APS_AUTO_REG_SVC Agent Administrator

_NAME Auto-registratrion “{0}” updated
Service name Agent
Auto-registratrion
Service name

eventAdmin 20196 AM_APS_AUTO_REG_PORT Agent Administrator

_NUMBER Auto-registratrion “{0}” updated
port number Agent
Auto-registration
port number

eventAdmin 20197 AM_EAP32_PEPPER_MIN EAP32 minimun Administrator

pepper length “{0}” updated
EAP32 minimum
pepper length

eventAdmin 20198 AM_EAP32_PEPPER_MAX EAP32 maximum Administrator

pepper length “{0}” updated
EAP32 maximum
pepper length

eventAdmin 20199 AM_EAP32_PEPPER EAP32 pepper Administrator

_LIFETIME lifetime “{0}” updated
EAP32 pepper
lifetime

eventAdmin 20200 AM_EAP32_PEPPER_REFRESH EAP32 pepper Administrator

refresh interval “{0}” updated
EAP32 pepper
refresh interval

eventAdmin 20201 AM_EAP32_ITERATION EAP32 minimum Administrator

_COUNT_MIN iteration count “{0}” updated
EAP32 minimum
iteration count

eventAdmin 20202 AM_EAP32_ITERATION EAP32 maximum Administrator

_COUNT_MAX iteration count “{0}” updated
EAP32 maximum
iteration count

eventAdmin 20203 AM_EVENT_TOKEN_DB Event Token db Administrator

_RECOVERY_START_ON recovery start on “{0}” updated
Event Token db
recovery starton
date

88 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20204 AM_EVENT_TOKEN_DB Enable Event Administrator

_RECOVERY_ENABLED Token db “{0}” enabled
recovery Event Token db
recovery

eventAdmin 20205 AM_EVENT_TOKEN_DB Event Token db Administrator

_RECOVERY_END_ON recovery end on “{0}” updated
Event Token db
recovery endon
date

eventAdmin 20206 AM_CTKIP_SERVICE_SERVER CTKIP Service Administrator

_URL Server URL “{0}” updated
CTKIP Service
Server URL

eventAdmin 20207 AM_CTKIP_SERVICE_SERVER CTKIP Service Administrator

_ADDRESS Server address “{0}” updated
CTKIP Service
Server address

eventAdmin 20208 AM_OFFLINE_AUTH_SVC Offline Auth Administrator

_PROTOCOL Service protocol “{0}” updated
Offline Auth
Service protocol

eventAdmin 20209 AM_OFFLINE_AUTH_PORT Offline Auth Port Administrator

_NUMBER number “{0}” updated
Offline Auth Port
number

eventAdmin 20210 AM_OFFLINE_AUTH_SVC Offline Auth Administrator

_NAME Service name “{0}” updated
Offline Auth
Service name

eventAdmin 20211 AM_APS_AUTH_SVC APS Administrator

_PROTOCOL Authentication “{0}” updated
service protocol Authentication
service protocol

eventAdmin 20212 AM_APS_PORT_NUMBER APS Administrator

Authentication “{0}” updated
port number Authentication
port number

2: RSA Authentication Manager Log Messages 89

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20213 AM_APS_CLIENT_RESPONSE APS Administrator

_DELAY Authentication “{0}” updated
client response Authentication
delay client response
delay

eventAdmin 20214 AM_CONFIGURATION Failed to update Administrator

_UPDATE_FAILED AM configuration “{0}” failed to
update AM
configuration

eventAdmin 20215 AM_APS_AUTO_REG Disable Agent Administrator

_DISABLED Auto-registration “{0}” disabled
Agent
Auto-registration

eventAdmin 20216 AM_EVENT_TOKEN_DB Disable Event Administrator

_RECOVERY_DISABLED Token db “{0}” disabled
recovery Event Token db
recovery

eventAdmin 20217 ACTIVATE_BCO Activate Business Administrator

Continuity “{0}” attempted to
activate business
continuity “{4}”
managed in
security domain
“{5}”

eventAdmin 20218 MANAGE_NTLM2UPN Manage Administrator

_MAPPINGS NTLM2UPN “{0}” attempted to
mappings manage(add/delete
/update)
NTLM2UPN
mappings

eventAdmin 20219 DOWNLOADED_EA_ONE File Download Downloaded

_TIME_TOKENCODE Generated
_TO_FILE emergency access
one time token
code for the token
“{4}” to file.

90 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20220 TRUSTED_USER_GROUP Unlink a Trusted Administrator

_REMOTE_PRINCIPAL User Group to a “{0}” attempted to
_UNLINK Trusted User unlink trusted user
“{4}” stored in
identity source
“{6}” managed in
security domain
“{5}” with trusted
user group “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

eventAdmin 20221 TRUSTED_USER_GROUP Link a Trusted Administrator

_AGENT_LINK User Group to an “{0}” attempted to
Agent link agent “{4}”
managed in
security domain
“{5}” with trusted
user group “{8}”
stored in identity
source “{10}”
managed in
security domain
“{9}”

eventAdmin 20222 MANAGE_PUK_IGNORE Manage Pin Administrator

Unlock Key “{0}” attempted to
(PUK) import PUK data
for token “{4}”
managed in
security domain
“{5}” but a record
already exists.

eventAdmin 20223 MANAGE_PUK_REPLACE Manage Pin Administrator

Unlock Key “{0}” attempted to
(PUK) replace PUK data
for token “{4}”
managed in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 91

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20224 MANAGE_PUK_IMPORT Manage Pin Administrator

Unlock Key “{0}” attempted to
(PUK) import PUK data
for token “{4}”
managed in
security domain
“{5}”

eventAdmin 20225 DEACTIVATE_BCO Deactivate Business

Business Continuity Option
Continuity “{4}” expired in
Security Domain
“{5}”

eventAdmin 20226 PIN_UNBLOCK Pin Unblock Administrator

“{0}” attempted to
perform pin
unblock for token
“{4}”

eventAdmin 20231 AUTHMGR_CTKIP Update CTKIP Administrator

_AUTHCODE_UPDATE Authcode “{0}” attempted to
update CTKIP
authcode “{4}”
managed in
security domain
“{5}”

eventAdmin 20230 CREATE_BACKUP_ATTEMPT Create Backup Administrator

Attempt “{0}” attempted to
create a backup.

eventAdmin 20227 CREATE_BACKUP Create Backup Administrator

“{0}” created a
backup.

eventAdmin 20234 AM_EAP32_SESSION Enable Administrator

_RESUMPTION_ENABLED EAP-POTP “{0}” enabled
session EAP-POTP
resumption session resumption

eventAdmin 20235 AM_EAP32_SESSION Disable Administrator

_RESUMPTION_DISABLED EAP-POTP “{0}” disabled
session EAP-POTP
resumption session resumption

92 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 20236 AM_PERIODIC_RADIUS Enabled periodic Administrator

_REPLICATION_ENABLED RADIUS “{0}” enabled
Replication periodic RADIUS
Replication

eventAdmin 20237 AM_PERIODIC_RADIUS Disabled periodic Administrator

_REPLICATION_DISABLED RADIUS “{0}” disabled
Replication periodic RADIUS
Replication

eventAdmin 20238 AM_GENERATE_REPLICA Replica Package Administrator

_PKG Generation “{0}” attempted to
generate replica
package

eventAdmin 20239 EXPORT_DATA_TO_FILE Export Data to Administrator

file “{0}” attempted to
export data to the
file “{11}”.

eventAdmin 20240 GENERATE_EXPORT Generate Export Administrator

_SECURITY_PACKAGE Security Package “{0}” attempted to
generate and
download export
security package.

eventAdmin 20241 AM_START_REPLICA Start Replica Administrator

_ATTACH Attach “{0}” attempted to
start attaching the
replica “{4}”

eventAdmin 20242 IMPORT_DATA_FROM_FILE Import Users and Administrator

Tokens from file “{0}” attempted to
import users and
tokens from the
file “{11}”.

eventAdmin 20243 IMPORT_TOKEN_FROM Import Token Administrator

_EXPORTED_DATA from exported “{0}” attempted to
data import token “{4}”
from exported data
file.

eventAdmin 20244 IMPORT_USER_FROM Import User from Administrator

_EXPORTED_DATA exported data “{0}” attempted to
import user “{4}”
from exported data
file.

2: RSA Authentication Manager Log Messages 93

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 30001 UCM_REQUEST_CREATE Create a UCM Administrator

Request attempted to create
ucm request

eventAdmin 30002 UCM_REQUEST_APPROVE Approve a UCM Administrator

Request attempted to
approve a ucm
request

eventAdmin 30003 UCM_REQUEST_DISTRIBUTE Distribute a UCM Administrator

Request attempted to
distribute a ucm
request

eventAdmin 30004 UCM_REQUEST_REJECT Reject a UCM Administrator

Request attempted to reject
a ucm request

eventAdmin 30005 UCM_REQUEST_CANCEL Cancel a UCM Administrator

Request attempted to
cancel a ucm
request

eventAdmin 30006 UCM_REQUEST_UPDATE Update a UCM Administrator

Request attempted to
update a ucm
request

eventAdmin 30007 UCM_TOKEN_PIN_CHANGE Change Token Administrator

Pin through UCM attempted to
change token pin
through UCM

eventAdmin 30008 UCM_MAIL_RESEND Resend Last Mail Administrator

attempted to
resend the last mail

eventAdmin 30009 UCM_PIN_UNBLOCK Unblock Smart User attempted to

Card unblock smart card

eventAdmin 30010 UCM_RESET_PASSWORD Reset Password User attempted to

reset their
password

eventAdmin 30011 UCM_RESYNC_TOKEN Resync Token User attempted to

resync their token

94 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 30012 UCM_PLACE_TOKEN_EA Place Token in User attempted to

_MODE EA Mode place token in EA
mode

eventAdmin 30013 UCM_SMS_DELIVERY Change SMS User attempted to

_CHANGE Delivery Option change SMS
delivery options

eventAdmin 30014 UCM_UPDATE_USER Update User User attempted to

_ATTRIBUTES Attributes update their
attributes

eventAdmin 30015 UCM_CLEAR_RBA_DEVICES Clear RBA User attempted to

Devices clear their RBA
devices

eventAdmin 30016 UCM_SEND_END_USER Send an End-User A notification has

_NOTIFICATION Notification been sent to the
user

eventAdmin 30017 UCM_UPDATE_USER Update User User attempted to

_GROUPS Groups update their user
groups

eventAdmin 30018 UCM_SET_REALM Set Realm Admin attempted

_PREFERENCES Preferences Actio to set UCM realm
preferences.

eventAdmin 30019 UCM_GET_REALM Get Realm Admin attempted

_PREFERENCES Preferences to get UCM realm
Action preferences.

eventAdmin 30020 UCM_UPDATE_SMART_CARD Update UCM

_CONFIG Smart Card
Action

eventAdmin 30021 UPDATE_SHIPPING_ADDRESS update UCM

_CONFIGURATION Shipping Address
Configuration
Action Key.

eventAdmin 30022 UCM_IDENTITY_SOURCE update UCM

_UPDATE Identity Source
System Action
Key.

2: RSA Authentication Manager Log Messages 95

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 30023 UCM_SECURITY_DOMAIN update UCM

_UPDATE security Domain
System Action
Key.

eventAdmin 30024 UCM_USER_PROFILE update UCM

_UPDATE User Profile
System Action
Key.

eventAdmin 30025 UCM_USER_GROUP_UPDATE update UCM

User Group
System Action
Key.

eventAdmin 30026 UCM_MAIL_NOTIFICATION update UCM mail

_TEMPLATE_UPDATE notification
template Action
Key.

eventAdmin 30027 UCM_AUTHENTICATION update UCM

_CONFIGURATION_UPDATE authentication
configuration
Action Key.

eventAdmin 30028 UCM_SELFSERVICE update UCM

_OPERATION_MAPPING workflow
_UPDATE definition Action
Key.

eventAdmin 30029 UCM_USER_GROUP Retrieve UCM

_RETRIEVE User Group
System Action
Key.

eventAdmin 30030 UCM_SECURITY_DOMAIN Retrieve UCM

_RETRIEVE security Domain
System Action
Key.

eventAdmin 30031 UCM_IDENTITY_SOURCE Retrieve UCM

_RETRIEVE Identity Source
System Action
Key.

96 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 30032 UCM_USER_PROFILE Retrieve UCM

_RETRIEVE User Profile
System Action
Key.

eventAdmin 30033 SHIPPING_ADDRESS Retrieve Shipping

_CONFIGURATION_RETRIEVE Address
Configuration
Action Key.

eventAdmin 30034 UCM_REQUEST_RETRIEVE Retrieve a UCM

Request.

eventAdmin 30035 UCM_WORKITEM_COMPLETE Create a UCM

Request.

eventAdmin 30036 UCM_SEARCH_REQUESTS Search Requests

_BY_ATTRIBUTE by Attribute
Action Key

eventAdmin 30037 UCM_COMPLETE Complete

_WORKFLOW_REQUEST Workflow
Request Action
Key

eventAdmin 30038 UCM_GET_WORKFLOWS Get Workflows

Action Key

eventAdmin 30039 UCM_GET_WORKFLOW Get Workflows

_REQUESTS Requests Action
Key

eventAdmin 30040 UCM_GET_WORKFLOW Get Workflows

_REQUEST_ACTIONS Request Actions
Action Key

eventAdmin 30041 UCM_GET_WORKFLOW Get Workflow

_PROCESSES Processes Action
Key

eventAdmin 30042 UCM_UPDATE_WORKFLOW Update Workflow

_REQUEST Request Action
Key

eventAdmin 30043 UCM_MAIL_NOTIFICATION Add UCM mail

_TEMPLATE_ADD notification
template Action
Key.

2: RSA Authentication Manager Log Messages 97

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAdmin 30044 UCM_PROCESS_DEFINITON Update UCM

_UPDATE process definition
Action Key.

eventAdmin 30045 UCM_SHIPPING_ADDRESS update UCM

_UPDATE Shipping Address
Attribute
Definition
System Action
Key.

eventAdmin 30046 UCM_PROCESS_DEFINITON Retrieve UCM

_RETRIEVE process definition
Action Key.

eventAdmin 30047 UCM_RETRIEVE Retrieve UCM

_CONFIGURATION configuration
Action Key.

eventAdmin 30048 UCM_REQUEST_AUTO Auto-approve a

_APPROVE Self-Service
Request

eventAdmin 30049 UCM_ACTIVATE_TOKEN Activate Token

eventAdmin 30050 UCM_ACTIVATE Activate

_REPLACEMENT_TOKEN Replacement
Token

eventAdmin 30051 UCM_ASSIGN Assign

_REPLACEMENT_TOKEN Replacement
Token

eventAdmin 30052 UCM_CHANGE_SMS_PIN Change SMS Pin

eventAdmin 30053 UCM_ASSIGN_SMS_TOKEN Assign

On-Demand
Token

eventAdmin 30054 UCM_ASSIGN_TOKEN Assign Token

eventAuthn 13001 AUTHN_LOGOUT_EVENT Principal session User “{0}”

logout attempted to log
out of security
domain “{1}” in
identity source
“{2}”

98 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 13002 AUTHN_LOGIN_EVENT Principal User “{0}”

authentication attempted to
authenticate using
authenticator
“{6}”. The user
belongs to security
domain “{1}”

eventAuthn 13003 AUTHN_LOCKOUT_EVENT Principal lockout User “{0}” from

security domain
“{1}” in identity
source “{2}” is
locked out

eventAuthn 13004 ADD_DEVICE_BINDING Register new A new device was

device for saved to the RBA
principal device history for
user “{0}” from
security domain
“{1}” in identity
source “{2}”.

eventAuthn 13005 OC_ADMIN_LOGOUT_EVENT OC Admin Operations

session logout Console admin
“{0}” attempted to
log out of
Operations
Console

eventAuthn 13006 OC_ADMIN_LOGIN_EVENT OC Admin Operations

authentication Console admin
“{0}” attempted to
authenticate to
Operations
Console

eventAuthn 13007 PROXY_LOGIN_EVENT Authentication The authentication

request request was routed
through “{9}”.

2: RSA Authentication Manager Log Messages 99

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 13008 DEVICE_ELEMENTS_NOT Device elements User “{0}” from

_BOUND not bound for security domain
principal “{1}” in identity
source “{2}” must
provide an identity
confirmation
before he can
achieve a higher
assurance level for
this device. If the
user has not
already configured
an identity
confirmation
method then you
may need to take
action.

eventAuthn 23001 AUTH_UDP_PACKET Authentication Processing

_PROCESSING packet processing authentication
packet from agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23002 AUTH_UNSUPPORTED Received Received

_PROTOCOL unsupported unsupported
request request from agent
“{3}” with IP
address “{4}” in
security domain
“{5}”. Request
type: “{18}”

eventAuthn 23003 AUTH_LOG_REQUEST Authentication Log request

log request received from
agent “{3}” with
IP address “{4}” in
security domain
“{5}”

100 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23004 AUTH_AGENT_ACCESS Authentication Verifying user

_CHECK agent access “{0}” in security
check domain “{1}”
from identity
source “{2}” is
allowed access to
agent “{3}” with
IP address “{4}” in
security domain
“{5}”

eventAuthn 23005 AUTH_NODE_VERIFICATION Node secret Verifying node

verification secret for the agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23006 AUTH_NODE_SECRET_SENT Node secret sent Node secret sent to

agent “{3}” with
IP address “{4}” in
security domain
“{5}”

eventAuthn 23007 AUTH_SECONDARY Secondary Unable to process

_SEGMENT_PROCESSING segment secondary
_FAILURE processing failed segments for
request from agent
“{3}” with IP
address “{4}” in
security domain
“{5}”. Secondary
segment request
will be ignored

eventAuthn 23008 AUTH_PRINCIPAL Resolve principal Attempting to

_RESOLUTION by userid/alias resolve user by
userid or alias
“{0}”. Request
originated from
agent “{3}” with
IP address “{4}” in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 101

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23009 AUTH_SESSION_OPEATION Session operation Session operation

_FAILURE failure failure processing
request from agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23010 AUTH_NEW_PIN New pin New pin cancelled

_CANCELLED cancelled for user for user“{0}”.
Request originated
from agent “{3}”
with IP address
“{4}” in security
domain “{5}”

eventAuthn 23011 CREATE_AM_TOKEN Create Token Administrator

“{0}” attempted to
create token “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAuthn 23012 UPDATE_AM_TOKEN Update Token Administrator

“{0}” attempted to
update token “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAuthn 23013 DELETE_AM_TOKEN Delete Token Administrator

“{0}” attempted to
delete token “{4}”
stored in identity
source “{6}”
managed in
security domain
“{5}”

eventAuthn 23014 AUTHMGR_TOKEN_STAT Token Statistics Administrator

_SEARCH Search “{0}” attempted to
search for token
statistics

102 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23015 OFFLINE_LOGIN_EVENT Offline Login Offline

Event authentication
attempted by user
“{0}” on agent
“{3}” using token
with serial number
“{8}” at “{10}”

eventAuthn 23016 OA_DATA_DOWNLOAD Offline Offline

Authentication authentication data
Data Download download
requested by user
“{0}” from agent
“{3}” using token
“{8}”

eventAuthn 23017 OA_DATA_DOWNLOAD Offline Offline

_FAILED Authentication authentication data
Data Download download
Failed requested by user
“{0}” from agent
“{3}” using token
“{8}” failed with
error message
“{9}”

eventAuthn 23018 OA_WINDOWS_PASSWORD Windows Windows

_UPDATE Password password updated
Updated for user “{0}”

eventAuthn 23019 OA_DOMAIN_SECRET Domain Secret Domain secret

_UPDATE Updated updated for agent
“{3}”

eventAuthn 23020 AUTHMGR_NEW_PIN New pin mode New pin mode

_ACTIVATED activated for activated for token
token serial number
“{16}” assigned to
user “{0}” in
security domain
“{1}” from “{2}”
identity source

2: RSA Authentication Manager Log Messages 103

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23021 AUTHMGR_NEXT Next tokencode Next tokencode

_TOKENCODE_ACTIVATED mode activated mode activated for
for token token serial
number “{16}”
assigned to user
“{0}” in security
domain “{1}”
from “{2}”
identity source

eventAuthn 23022 AUTHMGR_TOKEN Token replaced original token

_REPLACEMENT_ORIGINAL deleted
_DELETED

eventAuthn 23023 AUTHMGR_TOKEN Token replaced original token

_REPLACEMENT_ORIGINAL unassigned
_UNASSIGNED

eventAuthn 23024 AUTHMGR_PASSCODE Authentication Passcode reuse or

_REUSE attempted previous token
code detected for
user “{0}” in
security domain
“{1}” from “{2}”
identity source.
Request originated
from agent “{3}”
with IP address
“{4}” in security
domain “{5}” with
protocol version
“{2}”.
Authentication
method: “{6}” ;
Authentication
policy exp: “{7}”

eventAuthn 23025 AUTHMGR_SID_METHOD SID method SID method

_INFO

104 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23026 AUTHMGR_PIN_CHANGE PIN change User “{0}” in

attempted security domain
“{1}” from
identity source
“{2}” attempted to
change pin for
token serial
number “{16}”

eventAuthn 23027 AUTHMGR_FIXED_PASSCODE Fixed passcode Administrator

_CHANGE change “{0}” attempted to
change fixed
passcode

eventAuthn 23028 AUTH_AGENT_LOOKUP Lookup Lookup

Authentication authentication
agent agent by IP
address “{4}”

eventAuthn 23029 AGENT_AUTO_REG_START Agent Received an agent

auto-registration auto-registration
request request from IP
address “{4}”

eventAuthn 23030 AUTO_REG_NEW_AGENT New New

authentication authentication
agent was agent “{3}” with
registered with primary IP address
Authentication “{4}” was
Manager registered with
Authentication
Manager in
Security Domain
“{5}”

eventAuthn 23031 AUTOREG_GET_SECURITY Getting Security Getting Security

_DOMAIN Domain for agent Domain for agent
auto-registration “{3}” with
primary IP address
“{4}” for
auto-registration.
Agent Security
Domain is “{5}”

2: RSA Authentication Manager Log Messages 105

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23032 AUTO_REG_DUPLICATE_IP Found another Found another

agent with the agent “{8}” with
same IP address the same IP
while trying to address “{4}”
auto-register an while trying to
agent auto-register agent
“{3}”

eventAuthn 23033 AUTOREG_UPDATE_AGENT Updated agent Updated agent

with the new IP “{3}” with the new
address IP address “{4}” in
Security Domain
“{5}”

eventAuthn 23034 AUTOREG_UNASSIGN_IP While updating found another

an agent agent with the
same IP address.
Unassigning IP
address

eventAuthn 23035 AUTO_REG_DUPLICATE Registering new Registering new

_AGENT agent. Found agent “{3}” in
agent with the Security Domain
same name “{5}”. Found
agent with the
same name and IP
address “{4}”

eventAuthn 23036 AUTOREG_VERIFY Agent node secret Verifying node

_NODESECRET verification secret for the agent
“{3}” with IP
address “{4}” in
Security Domain
“{5}”

eventAuthn 23037 AUTOREG_AGENT_NOT Trying to update but it does not

_FOUND IP address for an exist
agent with node
secret

eventAuthn 23038 AUTOREG_DHCP_ERROR While registering found another

an agent agent with the
same alias IP
address

106 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23039 AUTOREG_CLEAR Agent node secret Cleared node

_NODESECRET has been cleared secret for the agent
“{3}” in Security
Domain “{5}”

eventAuthn 23040 TR_H_AUTHMGR_PIN Trusted Realm: User “{0}” in

_CHANGE PIN change security domain
attempted “{1}” from
identity source
“{2}” in trusted
realm “{13}”
attempted to
change pin for
token serial
number “{16}”

eventAuthn 23041 TR_H_AUTHMGR_PASSCODE Trusted Realm Passcode reuse or

_REUSE authentication previous token
attempted code detected for
user “{0}” in
security domain
“{1}” from “{2}”
identity source.
Request originated
from trusted realm
“{13}” with agent
“{3}” with IP
address “{4}” in
security domain
“{5}” with
protocol version
“{2}”.
Authentication
method: “{6}” ;
Authentication
policy exp: “{7}”

eventAuthn 23042 TR_H_AUTHN_LOGIN_EVENT Trusted Realm User “{0}”

Authentication attempted to
authenticate using
authenticator
“{6}” from
Trusted Realm
“{13}”. The user
belongs to Security
Domain “{1}”

2: RSA Authentication Manager Log Messages 107

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23043 TR_R_AUTHN_LOGIN_EVENT Trusted Realm Trusted user “{0}”

Authentication attempted to
Requested authenticate using
authenticator
“{8}” at trusted
realm “{9}”. The
user belongs to
Security Domain
“{1}”

eventAuthn 23044 TR_R_AUTHMGR_NEXT Trusted Realm Next tokencode

_TOKENCODE_ACTIVATED Authentication mode activated for
Request activated token serial
next tokencode number “{11}”
mode for token assigned to user
“{0}” in security
domain “{1}”
from the trusted
realm “{8}”.

eventAuthn 23045 TR_R_AUTHMGR_PIN Trusted Realm User “{0}” in

_CHANGE new PIN created security domain
by user “{1}” from the
trusted realm
“{9}” created new
pin for token serial
number “{10}”.

eventAuthn 23046 TR_H_AUTHMGR_NEW_PIN Trusted Realm: New pin mode

_ACTIVATED New pin mode activated for token
activated for serial number
token “{16}” assigned to
user “{0}” in
security domain
“{1}” from “{2}”
identity source.
Request received
from trusted realm
“{13}”

108 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23047 TR_H_AUTHMGR_NEXT Trusted Realm: Next tokencode

_TOKENCODE_ACTIVATED Next tokencode mode activated for
mode activated token serial
for token number “{16}”
assigned to user
“{0}” in security
domain “{1}”
from “{2}”
identity source.
Request received
from trusted realm
“{13}”

eventAuthn 23048 TR_R_REMOTE_PRINCIPAL Trusted User The trusted user

_DISCOVERED Discovered “{0}” was
discovered in the
trusted realm
“{9}”.

eventAuthn 23049 TR_R_REMOTE_PRINCIPAL Resolve user by The user login

_NOT_DISCOVERED User “{0}” could not be
ID/alias/Trusted discovered in the
realm search local realm or by
searching
configured trusted
realms.

eventAuthn 23050 NO_MORE_OTT Login with One Token with serial

Time Tokencode number “{8}” does
Event not have any more
one time
tokencodes
associated with it.

eventAuthn 23051 TFT_EXPIRED Login with Fixed emergency

Temporary Fixed access tokencode
Tokencode Event associated with
token with serial
number “{8}” has
expired.

2: RSA Authentication Manager Log Messages 109

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23052 OTTS_EXPIRED Login with One One time

Time Tokencode emergency access
Event tokencode set
associated with
token with serial
number “{8}” has
expired.

eventAuthn 23053 EAP32_SESSION_RESUME EAP-32 User “{0}”

Authentication attempted to
resume the
existing EAP-32
Session.

eventAuthn 23054 REMOTE_AUTH_PRINCIPAL Resolve trusted Attempting to

_RESOLUTION user by userid resolve trusted
user by userid
“{0}”. Request
originated from
agent “{3}” with
IP address “{4}” in
security domain
“{5}”

eventAuthn 23055 AM61_MIGRATED_AUTHN AM61 Migrated AM61 Migrated

_LOG_MESSAGE log message log message.
Original message:
“{8}”.

eventAuthn 23056 TR_R_REALM_DISABLED Trusted Realm The Trusted Realm

Disabled “{9}” has rejected
the connection.

eventAuthn 23057 TR_R_LOCAL_REALM Trusted Realm The Trusted Realm

_DISABLED Disabled “{9}” is disabled.

eventAuthn 23058 NTLM_MAPPING_NOT NTLM mapping There is no NTLM

_FOUND not found mapping for
“{8}”.

eventAuthn 23059 FAILED_TO_LOOKUP_NTLM Failed to lookup Could not lookup

_MAPPINGS NTLM mapping NTLM mapping
for “{8}”.

eventAuthn 23060 EAP32_AUTH EAP-32 User “{0}”

Authentication attempted EAP-32
authentication

110 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23061 EAP32_NEW_PEPPER EAP-32 User “{0}”

Authentication received new
EAP-32 Pepper

eventAuthn 23062 TOKEN_EXPIRED Token Expired Token serial

number “{16}”
assigned to user
“{0}” in security
domain “{1}”
from identity
source “{2}” is
expired

eventAuthn 23063 AUTH_AGENT_LOG Agent log request TACACS login

_REQUEST_SUCCESS succeeded with
TACACS
password on agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23064 AUTH_AGENT_LOG Agent log request TACACS login

_REQUEST_FAIL failed with
TACACS
password on agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23065 AUTH_AGENT_ENABLE Agent log enable TACACS enable

_REQUEST request attempt on agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23066 AUTHMGR_SMS_PIN PIN change User “{0}” in

_CHANGE attempted for security domain
On-Demand “{1}” from
Tokencode identity source
Service “{2}” attempted to
change pin for
On-Demand
Tokencode Service

2: RSA Authentication Manager Log Messages 111

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23067 AUTHMGR_SMS_PASSCODE Authentication Passcode reuse or

_REUSE attempted previous token
code detected for
user “{0}” in
security domain
“{1}” from “{2}”
identity source.
Request originated
from agent “{3}”
with IP address
“{4}” in security
domain “{5}” with
protocol version
“{2}”.
Authentication
method: “{6}” ;
Authentication
policy exp: “{7}”

eventAuthn 23068 AUTHMGR_SMS_NEW_PIN New pin mode New pin mode

_ACTIVATED activated for activated for
On-Demand On-Demand
Tokencode Tokencode Service
Service for user “{0}” in
security domain
“{1}” from “{2}”
identity source

eventAuthn 23069 AUTH_AGENT_TRUSTED Authentication Verifying trusted

_USER_ACCESS_CHECK agent access user “{0}” in
check security domain
“{1}” from
identity source
“{2}” is allowed
access to agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23070 AUTOREG_UPDATE_FAILED Agent update Auto-registration

failed update for the
agent “{3}” with
IP address “{4}” in
Security Domain
“{5}”

112 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23071 AUTH_FAILED_BAD Authentication Bad tokencode ;

_TOKENCODE_GOOD_PIN attempted but good PIN
detected for token
serial number
“{16}” assigned to
user “{0}” in
security domain
“{1}” from “{2}”
identity source

eventAuthn 23072 AUTH_FAILED_BAD_PIN Authentication Bad PIN ; but

_GOOD_TOKENCODE attempted good tokencode
detected for token
serial number
“{16}” assigned to
user “{0}” in
security domain
“{1}” from “{2}”
identity source

eventAuthn 23073 AUTH_FAILED_BAD_PIN Authentication Bad PIN ; but

_PREVIOUS_TOKENCODE attempted previous
tokencode detected
for token serial
number “{16}”
assigned to user
“{0}” in security
domain “{1}”
from “{2}”
identity source

eventAuthn 23074 TR_R_AUTHMGR_NTC Trusted realm Next tokencode

_ACCEPTED next token code mode accepted for
accepted token serial
number “{11}”
assigned to user
“{0}” in security
domain “{1}”
from the trusted
realm “{8}”.

eventAuthn 23075 AUTH_AGENT_ENABLE Agent log request TACACS enable

_SUCCESS succeeded on
agent “{3}” with
IP address “{4}” in
security domain
“{5}”

2: RSA Authentication Manager Log Messages 113

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23076 AUTH_AGENT_ENABLE Agent log request TACACS enable

_FAILED not authorized on
agent “{3}” with
IP address “{4}” in
security domain
“{5}”

eventAuthn 23077 AUTH_AGENT_ARA_LOGIN Agent log request TACACS ARA

Login (No
SecurID) on agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23078 AUTH_AGENT_CHAP_LOGIN Agent log request TACACS CHAP

Login (No
SecurID) on agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventAuthn 23079 AUTHN_ARTIFACT Authentication Authentication

_VALIDATION artifact validation artifact validation
on agent “{3}”
with IP address
“{4}” in security
domain “{5}” for
user “{0}” in
security domain
“{1}” from “{2}”
identity source

eventAuthn 23080 AUTH_AGENT_DOESNT SecurID Received a

_ACCEPT_SECURID credential type SecurID credential
not accepted ; which the agent
is configured to
not accept. Agent
“{3}” with IP
address “{4}” in
security domain
“{5}”.

114 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventAuthn 23081 AUTHN_ARTIFACT Generate Authentication

_GENERATION Authentication artifact was
Artifact generated for
principal “{0}”
stored in identity
source “{2}”
managed in
security domain
“{1}”

eventAuthn 23089 TR_R_VIA_PRINCIPAL_NOT_D Discover the user The user “{0}”

ISCOVERED could not be
discovered in the
RSA Via Access
trusted realm

eventAuthn 23090 TR_R_VIA_OTP_VERIFICATIO Verify RSA Via RSA Via

N_FAIL Tokencode Tokencode
verification failed
for the user “{0}”

eventAuthn 23091 TR_R_VIA_OTP_NODE_SECRE Agent node secret Verifying the node

T_UNAVAILABLE verification secret for the agent
“{3}” with IP
address “{4}” in
security domain
“{5}”

eventSystem 16001 LICENSE_INSTALL Install license Administrator

“{0}” attempted to
install license
“{4}” for “{3}”

eventSystem 16002 LICENSE_REPLACEMENT Replace license Administrator

“{0}” attempted to
replace license
“{5}” for “{3}”
with license “{4}”

eventSystem 16003 LICENSE_UNINSTALL Uninstall license Administrator

“{0}” attempted to
uninstall license
“{4}” for “{3}”

2: RSA Authentication Manager Log Messages 115

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16004 LICENSE_CHECK Check license System attempted

to check the
license for product
“{3}” “{4}” on
instance “{5}”

eventSystem 16005 LICENSE_GET Retrieve license System attempted

from the database to retrieve a
license from the
database with filter
“{3}”

eventSystem 16006 FEATURE_LICENSE_CHECK Check license for System attempted

feature to check the
license for feature
“{6}” of “{3}”
“{4}” on instance
“{5}”

eventSystem 16007 ARCHIVE_LOG Log archived Messages in log

“{3}” archived
from dates “{4}”
through “{5}”

eventSystem 16008 PLUGIN_LOADED Load plug-in System attempted

to load plug-in
“{3}” from file
“{4}”

eventSystem 16009 EXTENSION_LOADED Load extension System attempted

point to load extension
point “{4}” from
plug-in “{3}”

eventSystem 16010 SETUP_PRIMARY Setup primary Replication “{3}”

“{4}” succeeded

eventSystem 16011 REMOVE_PRIMARY Remove primary Replication “{3}”

“{4}” succeeded

eventSystem 16012 PROMOTE_PRIMARY Promote primary Replication “{3}”

“{4}” succeeded

eventSystem 16013 ADD_REPLICA Add replica Replication “{3}”

“{4}” succeeded

eventSystem 16014 REMOVE_REPLICA Remove replica Replication “{3}”

“{4}” succeeded

116 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16015 ATTACH_REPLICA Attach replica Replication “{3}”

“{4}” succeeded

eventSystem 16016 SYNCHRONIZE_REPLICA Synchronize Replication “{3}”

replica “{4}” succeeded

eventSystem 16017 REGISTRY_TOPOLOGY_READ Read cluster System attempted

topology to retrieve the
cluster topology

eventSystem 16018 REGISTRY_TOPOLOGY Update cluster System attempted

_WRITE topology to update the
cluster topology
for instance “{3}”

eventSystem 16019 REGISTRY_INSTANCE Register instance Administrator

_REGISTRATION “{0}” attempted to
register instance
“{3}”

eventSystem 16020 REGISTRY_INSTANCE Update instance Administrator

_UPDATE “{0}” attempted to
update instance
“{3}”

eventSystem 16021 REGISTRY_INSTANCE Deregister Administrator

_DEREGISTER instance “{0}” attempted to
deregister instance
with ID “{3}”

eventSystem 16022 REGISTRY_INSTANCE Look up instance Administrator

_LOOKUP “{0}” attempted to
read an instance

eventSystem 16023 REGISTRY_COMPONENT Register Administrator

_REGISTRATION component “{0}” attempted to
register component
“{4}” on instance
“{3}”

eventSystem 16024 REGISTRY_COMPONENT Update Administrator

_UPDATE component “{0}” attempted to
update component
“{4}” on instance
“{3}”

2: RSA Authentication Manager Log Messages 117

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16025 REGISTRY_COMPONENT Deregister Administrator

_DEREGISTER component “{0}” attempted to
deregister
component “{4}”
from instance
“{3}”

eventSystem 16026 REGISTRY_COMPONENT Look up Administrator

_LOOKUP component “{0}” attempted to
read a component

eventSystem 16027 REGISTRY_PATCH_ADD Add component Administrator

patch “{0}” attempted to
add patch “{5}” to
component “{4}”
on instance “{3}”

eventSystem 16028 REGISTRY_PATCH_REMOVE Remove Administrator

component patch “{0}” attempted to
remove patch
“{5}” from
component “{4}”
on instance “{3}”

eventSystem 16029 REGISTRY_CLUSTER Cluster topology Cluster topology

_UPDATED updated for instance “{3}”
has been updated

eventSystem 16030 REGISTRY_CLUSTER Cluster topology Cluster topology

_UNCHANGED unchanged for instance “{3}”
has not been
changed

eventSystem 16031 REGISTRY_INITIALIZATION Initialize registry System attempted

to initialize the
registry

eventSystem 16032 DELETE_BATCH_JOB Delete batch job Administrator

“{0}” attempted to
delete batch job
“{8}”

eventSystem 16033 EXECUTE_BATCH_JOB Execute batch job Administrator

“{0}” attempted to
execute batch job
“{3}”: “{4}”

118 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16034 READ_BATCH_JOB Read batch job Administrator

“{0}” attempted to
read batch job
“{8}”

eventSystem 16035 READ_SCHEDULE_JOB Read scheduled Administrator

job “{0}” attempted to
read scheduled job
“{8}”

eventSystem 16036 ADD_BATCH_JOB Add batch job Administrator

“{0}” attempted to
add batch job
“{8}”

eventSystem 16037 SCHEDULE_BATCH_JOB Schedule batch Administrator

job “{0}” attempted to
schedule batch job
“{8}”

eventSystem 16038 DELETE_SCHEDULE_JOB Delete scheduled Administrator

job “{0}” attempted to
delete scheduled
job “{8}”

eventSystem 16039 CANCEL_BATCH_JOB Cancel batch job Administrator

“{0}” attempted to
cancel batch job
“{8}”

eventSystem 16040 CANCEL_SCHEDULE_JOB Cancel scheduled Administrator

job “{0}” attempted to
cancel scheduled
job “{8}”

eventSystem 16041 DELETE_AGED_JOB Delete aged job Administrator

“{0}” attempted to
delete aged job
“{3}”

eventSystem 16042 EXECUTE_COMMAND Execute Administrator

command “{0}” attempted to
execute command
“{3}”

2: RSA Authentication Manager Log Messages 119

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16043 CONDITION_EVALUATION Evaluate Administrator

condition “{0}” attempted to
evaluate the
expression “{3}”

eventSystem 16044 ACCESS_DATABASE Database access Database access

attempted by
system

eventSystem 16045 ACCESS_DIRECTORY Directory access Administrator

“{0}” attempted to
access directory
“{3}”

eventSystem 16046 CREATE_REALM Create realm Administrator

“{0}” attempted to
create a realm

eventSystem 16047 DELETE_REALM Delete realm Administrator

“{0}” attempted to
delete a realm

eventSystem 16048 UPDATE_REALM Update realm Administrator

“{0}” attempted to
update a realm

eventSystem 16049 READ_REALM Read realm Administrator

“{0}” attempted to
read a realm

eventSystem 16050 CREATE_SECURITY_DOMAIN Create security Administrator

domain “{0}” attempted to
create a security
domain

eventSystem 16051 DELETE_SECURITY_DOMAIN Delete security Administrator

domain “{0}” attempted to
delete a security
domain

eventSystem 16052 UPDATE_SECURITY_DOMAIN Update security Administrator

domain “{0}” attempted to
update a security
domain

120 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16053 READ_SECURITY_DOMAIN Read security Administrator

domain “{0}” attempted to
read a security
domain

eventSystem 16054 CREATE_IDENTITY_SOURCE Create identity Administrator

source “{0}” attempted to
create an identity
source “{3}”

eventSystem 16055 DELETE_IDENTITY_SOURCE Delete identity Administrator

source “{0}” attempted to
delete an identity
source “{3}”

eventSystem 16056 UPDATE_IDENTITY_SOURCE Update identity Administrator

source “{0}” attempted to
update an identity
source “{3}”

eventSystem 16057 READ_IDENTITY_SOURCE Read identity Administrator

source “{0}” attempted to
read an identity
source

eventSystem 16058 LINK_IDENTITY_SOURCES Link identity Administrator

source “{0}” attempted to
associate an
identity source
with a realm

eventSystem 16059 UNLINK_IDENTITY_SOURCES Unlink identity Administrator

source “{0}” attempted to
disassociate an
identity source
from a realm

eventSystem 16060 READ_AUTHENTICATORS Read System attempted

authenticators to read
authenticators

eventSystem 16061 UPDATE_AUTHENTICATORS Update Administrator

authenticators “{0}” attempted to
update
authenticators

2: RSA Authentication Manager Log Messages 121

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16062 CREATE_ATTRIBUTE Create attribute Administrator

“{0}” attempted to
create an attribute

eventSystem 16063 READ_ATTRIBUTE Read attribute Administrator

“{0}” attempted to
read an attribute
definition

eventSystem 16064 UPDATE_ATTRIBUTE Update attribute Administrator

“{0}” attempted to
update an attribute

eventSystem 16065 DELETE_ATTRIBUTE Delete attribute Administrator

“{0}” attempted to
delete an attribute

eventSystem 16066 CREATE_ATTRIBUTE Map attribute Administrator

_MAPPING “{0}” attempted to
map an attribute

eventSystem 16067 READ_ATTRIBUTE_MAPPING Read attribute Administrator

mapping “{0}” attempted to
read mappings for
an attribute
definition

eventSystem 16068 DELETE_ATTRIBUTE Delete attribute Administrator

_MAPPING mapping “{0}” attempted to
delete mapping of
an attribute

eventSystem 16069 CREATE_ADMIN_ROLE Create Administrator

administrative “{0}” attempted to
role create an
administrative role

eventSystem 16070 DELETE_ADMIN_ROLE Delete Administrator

administrative “{0}” attempted to
role delete an
administrative role

eventSystem 16071 READ_ADMIN_ROLE Read Administrator

administrative “{0}” attempted to
role read an
administrative role

122 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16072 UPDATE_ADMIN_ROLE Update Administrator

administrative “{0}” attempted to
role update an
administrative role

eventSystem 16073 LINK_PRINCIPAL_ADMIN Associate Administrator

_ROLE principal with “{0}” attempted to
administrative associate a
role principal with an
administrative role

eventSystem 16074 UNLINK_PRINCIPAL_ADMIN Disassociate Administrator

_ROLE principal from “{0}” attempted to
administrative disassociate a
role principal from an
administrative role

eventSystem 16075 INITIALIZE_PERMISSIONS Initialize System attempted

permissions to load permission
types from the
database

eventSystem 16076 AUTHN_BROKER_INIT Initialize System attempted

_EVENT authentication to initialize the
broker authentication
broker

eventSystem 16077 CREATE_PWD_POLICY Create password Administrator

policy “{0}” attempted to
create a password
policy

eventSystem 16078 DELETE_PWD_POLICY Delete password Administrator

policy “{0}” attempted to
delete password
policy “{4}”

eventSystem 16079 UPDATE_PWD_POLICY Update password Administrator

policy “{0}” attempted to
update password
policy “{4}”

eventSystem 16080 READ_PWD_POLICY Read password Administrator

policy “{0}” attempted to
read password
policy “{4}”

2: RSA Authentication Manager Log Messages 123

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16081 CREATE_LOCKOUT_POLICY Create lockout Administrator

policy “{0}” attempted to
create a lockout
policy

eventSystem 16082 DELETE_LOCKOUT_POLICY Delete lockout Administrator

policy “{0}” attempted to
delete lockout
policy “{4}”

eventSystem 16083 UPDATE_LOCKOUT_POLICY Update lockout Administrator

policy “{0}” attempted to
update lockout
policy “{4}”

eventSystem 16084 READ_LOCKOUT_POLICY Read lockout Administrator

policy “{0}” attempted to
read lockout policy
“{4}”

eventSystem 16085 CREATE_AUTH_POLICY Create Administrator

authentication “{0}” attempted to
policy create an
authentication
policy

eventSystem 16086 DELETE_AUTH_POLICY Delete Administrator

authentication “{0}” attempted to
policy delete
authentication
policy “{4}”

eventSystem 16087 UPDATE_AUTH_POLICY Update Administrator

authentication “{0}” attempted to
policy update
authentication
policy “{4}”

eventSystem 16088 READ_AUTH_POLICY Read Administrator

authentication “{0}” attempted to
policy read authentication
policy “{4}”

124 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16089 DENIAL_OF_SERVICE Denial-of-service Denial-of-service

attack detected attack detected.
Server received
“{4}” failed
authentications
from user “{3}”

eventSystem 16090 READ_PWD_DIC Read password System attempted

dictionary to read the
password
dictionary

eventSystem 16091 DELETE_PWD_DIC Delete password System attempted

dictionary to delete the
password
dictionary

eventSystem 16092 UNLINK_SECURITY_DOMAIN Unlink policies Administrator

_POLICIES from security “{0}” attempted to
domain unlink policies
from security
domain “{3}”

eventSystem 16093 UNLINK_SECURITY_DOMAIN Unlink policies Administrator

_AUTHN_POLICY from security “{0}” attempted to
domain unlink the
authentication
policy from
security domain
“{3}”

eventSystem 16094 UNLINK_SECURITY_DOMAIN Unlink policies Administrator

_PWD_POLICY from security “{0}” attempted to
domain unlink the
password policy
from security
domain “{3}”

eventSystem 16095 UNLINK_SECURITY_DOMAIN Unlink policies Administrator

_LCK_POLICY from security “{0}” attempted to
domain unlink the lockout
policy from
security domain
“{3}”

2: RSA Authentication Manager Log Messages 125

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16096 CREATE_GROUP Create group Administrator

“{0}” attempted to
create a group

eventSystem 16097 UPDATE_GROUP Update group Administrator

“{0}” attempted to
update a group

eventSystem 16098 UNREGISTER_GROUP Unregister group Administrator

“{0}” attempted to
unregister a group

eventSystem 16099 READ_GROUP Read group Administrator

“{0}” attempted to
read a group

eventSystem 16100 DELETE_GROUP Delete group Administrator

“{0}” attempted to
delete group “{4}”
; stored in an
identity source

eventSystem 16101 LINK_GROUP_GROUP Associate group Administrator

with group “{0}” attempted to
associate a group
with another group

eventSystem 16102 UNLINK_GROUP_GROUP Disassociate Administrator

group from group “{0}” attempted to
disassociate a
group from
another group

eventSystem 16103 LINK_GROUP_PRINCIPAL Associate group Administrator

with principal “{0}” attempted to
associate a group
with a principal

eventSystem 16104 UNLINK_GROUP_PRINCIPAL Disassociate Administrator

group from “{0}” attempted to
principal disassociate a
principal from a
group

126 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16105 CREATE_GROUP_PARTIAL Create group with Administrator

_FAILURE partial failure “{0}” created
group “{5}” in
identity source
“{3}”. Although
the operation
partially failed ;
the group might
still exist in the
directory

eventSystem 16106 CREATE_PRINCIPAL Create principal Administrator

“{0}” attempted to
create a principal

eventSystem 16107 REGISTER_PRINCIPAL Register principal Administrator

“{0}” attempted to
register a
principal: “{3}”

eventSystem 16108 UNREGISTER_PRINCIPAL Unregister Administrator

principal “{0}” attempted to
unregister a
principal

eventSystem 16109 DELETE_PRINCIPAL Delete principal Administrator

“{0}” attempted to
delete a principal

eventSystem 16110 UPDATE_PRINCIPAL Update principal Administrator

“{0}” attempted to
update a principal

eventSystem 16111 READ_PRINCIPAL Read principal Administrator

“{0}” attempted to
read a principal

eventSystem 16112 REMOVE_ORPHANED Clean up Administrator

_PRINCIPALS unresolvable “{0}” attempted to
users clean up
unresolvable users

2: RSA Authentication Manager Log Messages 127

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16113 CREATE_PRINCIPAL_PARTIAL Create principal Administrator

_FAILURE with partial “{0}” created a
failure user “{5}” in
identity source
“{3}”. Although
the operation
partially failed ;
the user might still
exist in the
directory

eventSystem 16114 CREATE_PRINCIPAL Assign console Administrator

_PREFERENCES preferences to “{0}” attempted to
principal assign preferences
to a principal

eventSystem 16115 DELETE_PRINCIPAL Remove console Administrator

_PREFERENCES preferences for “{0}” attempted to
principal remove
preferences from a
principal

eventSystem 16116 UPDATE_PRINCIPAL Update console Administrator

_PREFERENCES preferences for “{0}” attempted to
principal update preferences
for a principal

eventSystem 16117 READ_PRINCIPAL Read user Administrator

_PREFERENCES preferences “{0}” attempted to
read the
preferences of a
user

eventSystem 16118 CREATE_REALM Assign console Administrator

_PREFERENCES preferences to “{0}” attempted to
realm assign preferences
for a realm

eventSystem 16119 DELETE_REALM Remove console Administrator

_PREFERENCES preferences for “{0}” attempted to
realm remove
preferences from a
realm

128 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16120 UPDATE_REALM Update console Administrator

_PREFERENCES preferences for “{0}” attempted to
realm change preferences
for a realm

eventSystem 16121 READ_REALM_PREFERENCES Read console Administrator

preferences for “{0}” attempted to
realm read preferences
for a realm

eventSystem 16130 READ_SERVER_ACCESS_INFO Read server System attempted

access info to read server
access info

eventSystem 16131 READ_REPORT_PROPERTY Read report System attempted

property to access a report
property

eventSystem 16133 JMS_INIT Initialize JMS System attempted

to initialize the
JMS system

eventSystem 16134 JMS_HANDLE_EVENT Handle JMS System attempted

event to process a
received JMS
event from
broadcast

eventSystem 16135 JMS_PUBLISH_EVENT Publish JMS System attempted

event to broadcast a JMS
event for event
consumers

eventSystem 16136 JMS_CLUSTERING_START Cache clustering Cache JMS

startup clustering system
for cache instance
“{3}” was
initialized

eventSystem 16137 JMS_CLUSTERING Cache clustering Cache JMS

_SHUTDOWN shutdown clustering system
for cache instance
“{3}” was shut
down

2: RSA Authentication Manager Log Messages 129

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16138 JMS_SEND_BATCH Cache Cache JMS

_NOTIFICATION notification event clustering system
for cache instance
“{3}” sent a batch
message
notification

eventSystem 16139 JMS_CONTENTS_DOWNLOAD Cache contents System attempted

download to download cache
contents for cache
instance “{3}”

eventSystem 16140 JMS_SCHEDULE_DEFERRED Schedule deferred System attempted

_CONTENTS_DOWNLOAD cache contents to verify deferred
download cache contents
download for
cache instance
“{3}”

eventSystem 16141 JMS_DEFERRED_CONTENTS Deferred cache System completed

_DOWNLOAD contents deferred cache
download contents download
for cache instance
“{3}”

eventSystem 16142 SESSION_ADD Add session Administrator

_CONFIGURATION configuration “{0}” added
session
configuration
information

eventSystem 16143 SESSION_READ Fetch session Administrator

_CONFIGURATION configuration “{0}” fetched
session
configuration
information

eventSystem 16144 SESSION_UPDATE Update session Administrator

_CONFIGURATION configuration “{0}” updated
session
configuration
information

130 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16145 SESSION_DELETE Delete session Administrator

_CONFIGURATION configuration “{0}” deleted
session
configuration
information

eventSystem 16146 SESSION_SEARCH Search session Administrator

_CONFIGURATION configuration “{0}” searched
session
configuration
information

eventSystem 16147 SESSION_ADD_LIFETIME Add session Administrator

_CONFIGURATION lifetime “{0}” added a
session lifetime
configuration
named “{3}”

eventSystem 16148 SESSION_READ_LIFETIME Fetch session Administrator

_CONFIGURATION lifetime “{0}” fetched a
session lifetime
configuration
named “{3}”

eventSystem 16149 SESSION_UPDATE_LIFETIME Update session Administrator

_CONFIGURATION lifetime “{0}” updated a
session lifetime
configuration
named “{3}”

eventSystem 16150 SESSION_DELETE_LIFETIME Delete session Administrator

_CONFIGURATION lifetime “{0}” deleted a
session lifetime
configuration
named “{3}”

eventSystem 16151 SESSION_SEARCH_LIFETIME Search session Administrator

_CONFIGURATION lifetime “{0}” searched
session lifetime
configurations

eventSystem 16152 SESSION_SEARCH_ACTIVE Search active Administrator

sessions “{0}” searched
active sessions

2: RSA Authentication Manager Log Messages 131

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16153 CONF_READ Read Administrator

configuration “{0}” read
configuration data
for scope “{3}” ;
section “{4}”

eventSystem 16154 CONF_METADATA Install Administrator

_INSTALLED congfiguration “{0}” installed
metadata configuration
metadata for scope
“{4}” ; parameter
“{3}”

eventSystem 16155 CONF_METADATA_REMOVED Remove Administrator

congfiguration “{0}” removed
metadata configuration
metadata for scope
“{3}” ; section
“{4}”

eventSystem 16156 CONF_METADATA_CHANGED Change Administrator

configuration “{0}” changed
metadata configuration
metadata for scope
“{4}” ; parameter
“{3}”. “{6}”

eventSystem 16157 CONF_VALUE_ADDED Add Administrator

configuration “{0}” added
configuration
parameter “{3}”
for scope “{4}” ;
value “{5}”. {6}

eventSystem 16158 CONN_POOL_GET Retrieve System attempted

_CONNECTION connection to retrieve
connection for
“{3}”

eventSystem 16159 CONN_POOL_FAILOVER Primary Primary

connection pool connection pool
failed for “{3}” failed

eventSystem 16160 CONN_POOL_RESTORE Primary Primary

connection pool connection pool
restored for “{3}” restored

132 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16161 SNMP_READ_CONFIG Read SNMP System attempted

agent to read SNMP
configuration agent
configuration
parameter “{3}”

eventSystem 16162 SNMP_AGENT_START Start SNMP agent System attempted

to start an SNMP
agent

eventSystem 16163 SNMP_AGENT_STOP Stop SNMP agent System attempted

to stop an SNMP
agent

eventSystem 16164 KM_KEY_BIND Bind key Administrator

“{0}” bound key
“{3}”

eventSystem 16165 KM_KEY_UNBIND Unbind key Administrator

“{0}” unbound
key “{3}”

eventSystem 16166 KM_KEY_FETCH Fetch key Administrator

“{0}” fetched key
“{3}”

eventSystem 16167 KM_KEY_UPDATE Update key Administrator

“{0}” updated key
“{3}”

eventSystem 16168 KM_KEY_PASSWORD_RESET Reset key Administrator

password “{0}” reset
password for key
“{3}”

eventSystem 16169 AA_PROCESS_REQUEST SSO request System processed

an SSO request

eventSystem 16170 CONSOLE_INTEGRATION Console System attempted

_INIT Integration to initialize the
Service Console
initialization Integration Service

eventSystem 16171 CONSOLE_INTEGRATION Console System attempted

_REGMENU Integration to register a menu
Service: Register
menu

2: RSA Authentication Manager Log Messages 133

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16172 CONSOLE_INTEGRATION Console System attempted

_REGDOMENU Integration to register a
Service: Register domain object
domain object menu
menu

eventSystem 16173 CONSOLE_INTEGRATION Console System attempted

_REGPAGEHELP Integration to register page
Service: Register help
page help

eventSystem 16174 CONSOLE_INTEGRATION Console System attempted

_REGCONSOLECONFIG Integration to register console
Service: Register configurations
console
configurations

eventSystem 16175 LINK_SECURITY_DOMAIN Link policies to Administrator

_POLICIES security domain “{0}” attempted to
link policies to
security domain
“{3}”

eventSystem 16176 SYSTEM_STARTUP System startup System attempted

to start up

eventSystem 16177 SYSTEM_SHUTDOWN System shutdown System attempted

to shut down

eventSystem 16178 REPLICATION_NETWORK Replication status A replication

_FAILURE connection has
been broken

eventSystem 16179 REPLICATION_PROCESS Replication status A replication

_FAILURE process is either
stopped or
abnormal

eventSystem 16180 REPLICATION_PROCESS Replication status A replication

_ERROR process stopped
with an error

eventSystem 16181 GENERATE_SCRIPT Generate script System attempted

to generate a
replication-related
script

134 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16182 REPLICATION_SYSTEM Replica setup Administrator

_SETUP “{0}” attempted to
create or modify
the replication
setup

eventSystem 16183 TERMINATE_DB_COMMAND Terminate System attempted

database to terminate a
operation database import or
export job

eventSystem 16184 EXPORT_DB_COMMAND Export database Administrator

“{0}” attempted to
export the database
contents

eventSystem 16185 IMPORT_DB_COMMAND Import database Administrator

“{0}” attempted to
import the
database contents

eventSystem 16186 EXECUTE_SQL_SCRIPT Execute SQL Administrator

script attempted to
perform action
“{6}” using the
store utility

eventSystem 16187 PULL_FROM_REPLICAS Pull out-of-band Administrator

updates from “{0}” attempted to
replicas pull out-of-band
updates from
replica sites “{3}”

eventSystem 16188 CREATE_SELFSERVICE Create Administrator

_POLICY self-service “{0}” attempted to
troubleshooting create an
policy self-service
troubleshooting
policy

eventSystem 16189 DELETE_SELFSERVICE Delete Administrator

_POLICY self-service “{0}” attempted to
troubleshooting delete self-service
policy troubleshooting
policy “{4}”

2: RSA Authentication Manager Log Messages 135

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16190 UPDATE_SELFSERVICE Update Administrator

_POLICY self-service “{0}” attempted to
troubleshooting update self-service
policy troubleshooting
policy “{4}”

eventSystem 16191 READ_SELFSERVICE_POLICY Read self-service Administrator

troubleshooting “{0}” attempted to
policy read self-service
troubleshooting
policy “{4}”

eventSystem 16192 UNLINK_SECURITY_DOMAIN Unlink policies Administrator

_SELFSERVICE_POLICY from security “{0}” attempted to
domain unlink the
self-service
troubleshooting
policy from
security domain
“{3}”

eventSystem 16193 CREATE_IDENTITY_MAPPING Create identity Administrator

mapping “{0}” attempted to
create an identity
mapping

eventSystem 16194 UPDATE_IDENTITY_MAPPING Update identity Administrator

mapping “{0}” attempted to
update an identity
mapping

eventSystem 16195 READ_IDENTITY_MAPPING Read identity Administrator

mapping “{0}” attempted to
read an identity
mapping

eventSystem 16196 DELETE_IDENTITY_MAPPING Delete identity Administrator

mapping “{0}” attempted to
delete an identity
mapping

eventSystem 16197 CREATE_SECURITY Create security Administrator

_QUESTIONS_POLICY question policy “{0}” attempted to
create security
question policy
“{4}”

136 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16198 DELETE_SECURITY Delete security Administrator

_QUESTIONS_POLICY question policy “{0}” attempted to
delete security
question policy
“{4}”

eventSystem 16199 UPDATE_SECURITY Update security Administrator

_QUESTIONS_POLICY question policy “{0}” attempted to
update security
question policy
“{4}”

eventSystem 16200 READ_SECURITY Read security Administrator

_QUESTIONS_POLICY question policy “{0}” attempted to
read security
question policy
“{4}”

eventSystem 16201 CREATE_TRUST Create trust Administrator

“{0}” attempted to
create a trust

eventSystem 16202 UPDATE_TRUST Update trust Administrator

“{0}” attempted to
update a trust

eventSystem 16203 READ_TRUST Read trust Administrator

“{0}” attempted to
read a trust

eventSystem 16204 DELETE_TRUST Delete trust Administrator

“{0}” attempted to
delete a trust

eventSystem 16211 CREATE_TRUST_DOMAIN Create trust Administrator

domain “{0}” attempted to
create a trust
domain

eventSystem 16212 UPDATE_TRUST_DOMAIN Update trust Administrator

domain “{0}” attempted to
update a trust
domain

eventSystem 16213 READ_TRUST_DOMAIN Read trust Administrator

domain “{0}” attempted to
read a trust domain

2: RSA Authentication Manager Log Messages 137

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16214 DELETE_TRUST_DOMAIN Delete trust Administrator

domain “{0}” attempted to
delete a trust
domain

eventSystem 16221 CREATE_TRUST_INSTANCE Create trust Administrator

instance “{0}” attempted to
create a trust
instance

eventSystem 16222 UPDATE_TRUST_INSTANCE Update trust Administrator

instance “{0}” attempted to
update a trust
instance

eventSystem 16223 READ_TRUST_INSTANCE Read trust Administrator

instance “{0}” attempted to
read a trust
instance

eventSystem 16224 DELETE_TRUST_INSTANCE Delete trust Administrator

instance “{0}” attempted to
delete a trust
instance

eventSystem 16225 READ_DATA_FILE_USAGE Read data file Administrator

usage “{0}” attempted to
read a usage data
file

eventSystem 16226 READ_LOG_FILE_USAGE Read log file Administrator

usage “{0}” attempted to
read a log usage
file

eventSystem 16227 DB_SPACE_USAGE_ALERT Database space The database

usage alert storage monitoring
process produced
an alert

eventSystem 16228 CREATE_ATTRIBUTE Create attribute Administrator

_CATEGORY “{0}” attempted to
create an attribute
category

138 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16229 UPDATE_ATTRIBUTE Update attribute Administrator

_CATEGORY “{0}” attempted to
update an attribute
category

eventSystem 16230 SEND_SMTP_MESSAGE Send SMTP System attempted

message to send an SMTP
message to “{3}”
with the subject
“{4}”

eventSystem 16231 SMTP_CONNECT SMTP connect System attempted

to connect to the
SMTP server in
order to configure
it

eventSystem 16232 DB_BACKUP_RESTORE Database backup System attempted

and restore to back up or
restore the
database

eventSystem 16233 DB_SPACE_USAGE Database space System attempted

_MANAGEMENT management to configure the
database table
space usage

eventSystem 16234 ORACLE_COMMON Oracle common System attempted

_OPERATION management to configure the
utility Oracle database

eventSystem 16235 SNMP_TEST_TRAP SNMP test trap System attempted

to send an SNMP
test trap

eventSystem 16236 DELETE_SIGNING_KEY Delete log System attempted

signing key to delete a log
signing key with
GUID “{3}”

eventSystem 16237 FLUSH_COMMAND_TARGET Flush command System flushed the

_CACHE target cache command target
cache

eventSystem 16238 FLUSH_COMMAND_TARGET Flush command System flushed a

_CACHE_ENTRY target cache entry command target
cache entry

2: RSA Authentication Manager Log Messages 139

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16239 CREATE_COMMAND_TARGET Create command System attempted

target to create a
command target
for trust “{4}”

eventSystem 16240 STORE_PWD_DIC Store password System attempted

dictionary to store the
password
dictionary

eventSystem 16241 ARCHIVE_LOG_FILE_SIGN Sign archive log An archive log

file batch job tried to
sign archive log
file “{3}”

eventSystem 16242 ARCHIVE_LOG_FILE_VERIFY Verify archive log An archive log

file signature batch job tried to
verify the
signature of file
“{3}”

eventSystem 16243 XML_SERIALIZER XML serializer XML serializer

_CONFIGURATION configuration tried to perform a
configuration

eventSystem 16244 XML_SERIALIZER XML serializer XML serializer

_INITIALIZING initializing tried to initialize
the engine

eventSystem 16245 XML_SERIALIZER_BEAN XML serializer XML serializer

_PARSING parsing failure failed to parse
bean structure for
class “{3}” ;
property “{4}”

eventSystem 16246 XML_SERIALIZER_PARSING XML serializer XML serializer

parsing failure failed to parse the
XML structure

eventSystem 16247 XML_SERIALIZER_CLASS XML serializer XML serializer

_LOADING class-loading failed to load class
failure “{3}”

eventSystem 16248 CLU_AUDIT_LOG_COPY Copy audit log Batch job

entries attempted to copy
CLU audit log
entries from table
“{3}”

140 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16249 SESSION_MAX_LIMIT Force session Session was

_FORCED_LOGOFF logoff terminated because
it exceeded the
maximum number
of sessions
allowed per
instance

eventSystem 16250 SESSION_USER_LIMIT Force session Session was

_FORCED_LOGOFF logoff terminated because
it exceeded the
maximum number
of sessions
allowed per user

eventSystem 16252 REGISTRY_INIT Initialize System attempted

_DEPLOYMENT_UUID deployment to initialize the
UUID deployment UUID

eventSystem 16253 PROCESS_SECURITY Processing System was

_QUESTIONS answers to processing the
security questions user's answers to
security questions

eventSystem 16254 REPLICATION_PROCESS Replication Replication

_STATUS process status propagation
process restarting
for scheduled
maintenance

eventSystem 16255 CONF_VALUE_DELETED Delete Administrator

configuration “{0}” deleted
configuration
parameter “{3}”
from scope “{4}” ;
value “{5}”. {6}

eventSystem 16256 CONF_VALUE_UPDATED Update Administrator

configuration “{0}” updated
configuration
parameter “{3}”
for scope “{4}” ;
value “{5}”. {6}

eventSystem 16257 SYNC_PROPERTIES Synchronize Synchronize

properties system properties.

2: RSA Authentication Manager Log Messages 141

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16274 DATABASE_BACKUP Database backup System attempted

to backup the
database

eventSystem 16258 UPDATE_BATCH_JOB_STATUS Update batch job System failed to

_ERROR status update batch job's
status

eventSystem 16276 OC_PROMOTE_REPLICA Promote replica Operations

to be primary via Console
OC administrator
“{0}” attempted to
promote a replica
instance to primary
instance

eventSystem 16277 OC_ADD_REPLICA Add replica to Operations

primary via OC Console
administrator
“{0}” attempted to
add replica
instance “{3}”

eventSystem 16278 OC_REMOVE_REPLICA Remove replica Operations

via OC Console
administrator
“{0}” attempted to
remove a replica
instance

eventSystem 16279 OC_ATTACH_REPLICA Attach detached Operations

replica via OC Console
administrator
“{0}” attempted to
reattach a replica
instance to the
primary instance

eventSystem 16280 OC_REPLICATION_STATUS View replication Operations

status via OC Console
administrator
“{0}” attempted to
view replication
status

142 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16281 OC_CLEAN_DEMOTED Clean demoted Operations

_PRIMARY primary via OC Console
administrator
“{0}” attempted to
clean the demoted
primary instance

eventSystem 16282 OC_ATTACH_DEMOTED Attach a demoted Operations

_PRIMARY primary instance Console
via OC administrator
“{0}” attempted to
attach a demoted
primary instance

eventSystem 16283 OC_CLEAN_DELETED Clean a replica Operations

_OFFLINE_REPLICA deleted when Console
offline via OC administrator
“{0}” attempted to
clean an offline
replica instance
that was
previously deleted

eventSystem 16284 OC_LIST_INSTANCES List all instances Operations

via OC Console
administrator
“{0}” attempted to
list all instances in
the deployment

eventSystem 16285 OC_SYNC_REPLICA Synchronize Operations

replica with Console
primary instances administrator
via OC “{0}” attempted to
synchronize all
replicas instances

eventSystem 16259 REPLICATION_LINK_STATUS Check replication System checked

status replicaton status
between the
primary {3} and
the replica {4} in
the direction {5}

2: RSA Authentication Manager Log Messages 143

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16260 REPLICATION_ARCHIVE_LOG Check replication System checked

_USAGE_CHECK archive log usage replication archive
log usage and
found {3} MB
used out of {4}
MB allocated

eventSystem 16261 BATCH_CLEANUP Clean up The system

_ORPHANED_PRINCIPALS unresolvable attempted to clean
_SKIP users and groups up unresolvable
principals ; but
was unable to
clean up user
“{3}” in identity
source “{4}”.

eventSystem 16262 BATCH_CLEANUP Clean up Cleanup of

_ORPHANED_PRINCIPALS unresolvable unresolvable users
_LIMIT_HIT users and groups was not possible.
Found {3} users ;
which exceeded
the automated
cleanup limit of
{4} users.

eventSystem 16263 FIND_PRINCIPAL_ACROSS Find user across System attempted

_IDENTITYSOURCE Identity Sources to find user “{0}”
across identity
sources

eventSystem 16264 MARK_FIND_PRINCIPAL System cannot User cannot be

_ACROSS_IDENTITYSOURCE process this found across
_FAILURE authentication identity sources.
request User “{3}” will
not be allowed to
authenticate for the
next 60 minutes.

eventSystem 16265 DETERMINE_RELATED Attempting to System cannot

_IDENTITY_SOURCE determine determine whether
whether the given identity source
identity sources “{3}” and identity
connect to the source “{4}” are
same directory connecting to the
server same directory
server.

144 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16266 SEARCH_PRINCIPALS Search users System attempted

to search users in
identity source
“{3}”

eventSystem 16286 READ_SECURITY Read security Administrator

_QUESTIONS_LIST questions list “{0}” attempted to
read security
questions list
“{4}”

eventSystem 16287 RBA_USER_COUNT RBA user count System attempted

to count the
number of RBA
users

eventSystem 16288 AA_OFFLINE_TASK AA offline task System attempted

to run AA offline
task

eventSystem 16289 RBA_DEVICE_MANAGEMENT RBA device System attempted

management to cleanup expired
and over the limit
user devices

eventSystem 16290 STOP_SERVICE Stop service Attempting to stop

service “{3}”

eventSystem 16291 START_SERVICE Start Service Attempting to start

service “{3}”.

eventSystem 16294 IDENTITY_SOURCE_GET Failed to connect Cannot process

_CONNECTION_FAILED to identity source requests that need
access to identity
source “{3}”. The
identity source is
currently
unreachable.

2: RSA Authentication Manager Log Messages 145

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16295 TRACK_USER_MOVE_IN System cannot The user''s

_REPLICA_FAILED process this distinguished
_REACHING_PRIMARY authentication name has changed.
request Cannot contact
primary instance to
update the
user.Authenticatio
n requests from
“{3}” to this
instance will not
be successful until
primary updates
the user.

eventSystem 16296 TRACK_USER_MOVE_IN System cannot The user''s

_REPLICA_FAILED process this distinguished
authentication name has changed.
request Either the primary
could not update
the user or the
primary cannot be
contacted.
Authentication
requests from
“{3}” to this
instance will not
be successful until
primary updates
the user.

eventSystem 16297 BUILD_RELATED_IDENTITY System cannot System cannot

_SOURCE_CACHE_FAILED initialize related initialize related
identity source identity sources for
cache identity source
“{3}”

eventSystem 16298 UNABLE_LOOKUP_NAMING System cannot System cannot

_CONTEXTS_ROOT_DSE lookup directory lookup directory
server''s root DSE server''s root DSE
attributes attributes for
identity source
“{3}”

146 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16299 UPDATE_PRINCIPAL_FOR Update principal System attempted

_LDAP_CHANGE to update principal
“{3}” based on
changes made in
identity source
“{4}”

eventSystem 16300 CREATE_BACKUP_ORIG Create Backup Created backup in

_PRIMARY the original
primary instance at
“{3}”

eventSystem 16301 PRINCIPAL_WITH Duplicate user ID User ID “{3}”

_DUPLICATE_USERID user found already exists.
User IDs must be
unique within an
identity source

eventSystem 16302 INVALID_PRINCIPAL Invalid user state User ID “{3}”

already exists.
User IDs must be
unique within an
identity source

eventSystem 16303 IMPORT_BACKUP Import Backup Importing backup

_PROMOTED_REPLICA on the promoted
Replica instance
from the following
location “{3}”

eventSystem 16304 TRANSFER_BACKUP Transfer Backup Transferred

_PROMOTED_REPLICA backup “{3}” to
the promoted
Replica instance

eventSystem 16317 CREATE_RBA_POLICY Create RBA Administrator

policy “{0}” attempted to
create an RBA
policy

eventSystem 16318 DELETE_RBA_POLICY Delete RBA Administrator

policy “{0}” attempted to
delete RBA policy
“{4}”

2: RSA Authentication Manager Log Messages 147

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16319 UPDATE_RBA_POLICY Update RBA Administrator

policy “{0}” attempted to
update RBA policy
“{4}”

eventSystem 16320 READ_RBA_POLICY Read RBA policy Administrator

“{0}” attempted to
read RBA policy
“{4}”

eventSystem 16321 UNLINK_SECURITY_DOMAIN Unlink policies Administrator

_RBA_POLICY from security “{0}” attempted to
domain unlink the RBA
policy from
security domain
“{3}”

eventSystem 16322 AA_MAINTENANCE_TASK AA maintenance System attempted

task to run AA
maintenance task
procedure “{0}”

eventSystem 16323 RBA_AUTHN_ATTEMPT Risk Based User attempted to

Authentication authenticate via
attempt RBA

eventSystem 16324 UPDATE_SECURITY update security Administrator

_QUESTIONS_LIST questions list “{0}” attempted to
read security
questions list
“{4}”

eventSystem 16325 CREATE_SECURITY_DOMAIN Create Security Administrator

_MAPPING Domain mapping “{0}” attempted to
create security
domain mapping
for identity source
“{3}”

eventSystem 16326 READ_SECURITY_DOMAIN Read Security Administrator

_MAPPING Domain mapping “{0}” attempted to
read security
domain mapping
for identity source
“{3}”

148 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16327 UPDATE_SECURITY_DOMAIN Update Security Administrator

_MAPPING Domain mapping “{0}” attempted to
update security
domain mapping
for identity source
“{3}”

eventSystem 16328 DELETE_SECURITY_DOMAIN Delete Security Administrator

_MAPPING Domain mapping “{0}” attempted to
delete security
domain mapping
for identity source
“{3}”

eventSystem 16329 READ_ACTIVE_USERS Unable to read System failed to

active users from read the licensed
the system number of active
configuration users from the
system
configuration

eventSystem 16330 REGISTRY_INSTANCE_MOST Getting last System attempted

_RECENT_UPDATE_TIME instance update to get last instance
time update time

eventSystem 16331 FILE_SERVICE_CREATE_FILE Creating new file Administrator

for upload service attempted to create
new file for upload
service

eventSystem 16332 FILE_SERVICE_DELETE_FILE Deleting Administrator

uploaded file attempted to delete
uploaded file

eventSystem 16333 FILE_SERVICE_APPEND_FILE Appending data Administrator

to file for upload attempted to
append data to
upload file

eventSystem 16334 FILE_SERVICE_OPEN_FILE Opening Administrator

uploaded file attempted to open
uploaded file

eventSystem 16335 WEBTIER_BIZTIER_TIME Web-tier time not Web-tier time is

_NOT_IN_SYNC in sync not in sync with
biz-tier server

2: RSA Authentication Manager Log Messages 149

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16336 CONN_POOL_OFFLINE All connection All connection

pools failed pools for “{3}”
failed

eventSystem 16337 CREATE_DATABASE_BACKUP Create Backup Create backup of

internal database at
“{3}”

eventSystem 16338 RESTORE_DATABASE Restore database Restore backup of

_BACKUP internal database
from “{3}”

eventSystem 16339 LICENSE_INVALID_SIGNING Invalid license System does not

_MATERIAL signing material recognize license
signing material

eventSystem 16340 IMPORT_SECRETS Import secrets Import contents of

the
password-protecte
d file into the
system fingerprint.

eventSystem 16341 EXPORT_SECRETS Export secrets Export contents of

the system
fingerprint to the
password-protecte
d file.

eventSystem 16342 RECOVER_SECRETS Recover secrets Recover the

system fingerprint.

eventSystem 16343 CHANGE_SECRETS_MASTER Change master Change the master

_PASSWORD password password for the
system fingerprint.

eventSystem 16344 MANAGE_SSL_CERT_IMPORT Import certificate Import the

certificate “{3}”
into the keystore
“{4}”.

eventSystem 16345 MANAGE_SSL_CERT_CONFIG Configure server Configure the

_SERVER server “{3}” to use
the new private
key alias and
password.

150 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16346 OC_CREATE_IDENTITY Create identity Operations

_SOURCE source Console
administrator
“{0}” attempted to
create an identity
source “{3}” using
Super Admin
credentials of
“{4}”.

eventSystem 16347 OC_DELETE_IDENTITY Delete identity Operations

_SOURCE source Console
administrator
“{0}” attempted to
delete an identity
source “{3}” using
Super Admin
credentials of
“{4}”.

eventSystem 16348 OC_UPDATE_IDENTITY Update identity Operations

_SOURCE source Console
administrator
“{0}” attempted to
update an identity
source “{3}” using
Super Admin
credentials of
“{4}”.

eventSystem 16349 COPY_DATABASE_LOGS Copy database System attempted

logs to copy database
audit logs from
external database
to internal
database.

eventSystem 16350 CRITICAL_NOTIFICATION Critical System System ecountered

Event a critical event.
Notification

eventSystem 16351 DELETE_JOB_RESTRICTED Delete batch job Administrator

_TO_NON_EXISTING restircted to “{0}” attempted to
_INSTANCE non-existing delete job
instance restricted to
non-existing
instance “{3}”

2: RSA Authentication Manager Log Messages 151

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 16352 REGISTRY_INSTANCE Look up instance Administrator

_VERSION_LOOKUP version “{0}” attempted to
read an instance's
version

eventSystem 16353 REGISTRY_INSTANCE Update instance System attempted

_VERSION_UPDATE version to update the
version for the
instance “{3}”

eventSystem 16354 UPDATE_WEBTIER Update Webtier Administrator

_CUSTOMIZATION Customization “{0}” attempted to
update Webtier
Customization
Configuration

eventSystem 16355 READ_WEBTIER Read Webtier Administrator

_CUSTOMIZATION Customization “{0}” attempted to
read Webtier
Customization
Configuration

eventSystem 26001 AUTHMGR_BEAN_CONVERT Convert Bean Administrator

“{0}” attempted to
convert one bean
to other

eventSystem 26002 AUTHMGR_AGENT_CREATE Create Agent Administrator

“{0}” attempted to
create an AM
agent

eventSystem 26003 AUTHMGR_AGENT_DELETE Delete Agent Administrator

“{0}” attempted to
delete an AM
agent

eventSystem 26004 AUTHMGR_AGENT_ENABLE Enable Agent Administrator

“{0}” attempted to
enable an AM
agent

eventSystem 26005 AUTHMGR_AGENT_READ Read Agent Administrator

“{0}” attempted to
read an AM agent

152 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26006 AUTHMGR_AGENT_UPDATE Update Agent Administrator

“{0}” attempted to
update an AM
agent

eventSystem 26007 AUTHMGR_APS_LIST Read Agent Administrator

_CONFIG_READ Protocol Server “{0}” attempted to
List Config read Agent
Protocol Server list
config “{3}”

eventSystem 26008 UPDATE_AM_PRINCIPAL Update AM Administrator

Principal “{0}” attempted to
update principal

eventSystem 26009 EXPORT_SOFT_TOKEN Export Soft Administrator

Token “{0}” attempted to
export soft token

eventSystem 26010 IMPORT_TOKEN Import Token Administrator

“{0}” attempted to
import token

eventSystem 26011 PROCESS_REFERENTIAL Process Administrator

_INTEGRITY_MESSAGES Referential “{0}” attempted to
Integrity Message process referential
integrity message

eventSystem 26012 READ_AGENT Read Agent Administrator

“{0}” attempted to
read agent

eventSystem 26013 READ_AM_PRINCIPAL Read AM Administrator

Principal “{0}” attempted to
read AM principal

eventSystem 26014 READ_AM_TOKEN Read Token Administrator

_EMERGENCY_ACCESS_INFO Emergency “{0}” attempted to
Access Info read token
emergency access

eventSystem 26015 READ_OA_POLICY Read Offline Attempted to read

Authentication offline
Policy authentication
policy

2: RSA Authentication Manager Log Messages 153

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26016 LOCATE_REALM_DEFAULT Locate Realm Administrator

_OA_POLICY Default Offline “{0}” attempted to
Authentication locate realm
Policy default offline
authentication
policy

eventSystem 26017 READ_REPLACEMENT Read Administrator

_TOKEN Replacement “{0}” attempted to
Token read replacement
token

eventSystem 26018 READ_SERVER_CONFIG Read Server Attempted to read

Configuration server
configuration

eventSystem 26019 READ_SERVER_LIST Read Server List Attempted to read

server list

eventSystem 26020 READ_TOKEN Read Token Attempted to read

token

eventSystem 26021 SYNC_TOKENS Sync Token Administrator

“{0}” attempted to
sync token “{3}”

eventSystem 26022 UPDATE_AM_TOKEN Update Token Administrator

_OFFLINE_EMERGENCY Offline “{0}” attempted to
_ACCESS_INFO Emergency update token
Access Info offline emergency
access

eventSystem 26023 CONNECTION_ERROR Socket Error occurred

Connection Error while
communicating
with remote host
“{3}”:“{4}”.
Socket is locally
bound to
“{5}”:“{6}”

eventSystem 26024 INIT_WPCODE_MATCHER Init WPCODE Attempted to

Matcher initialize the
WPCODE matcher

154 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26025 NEXT_AVAILABLE_AM Get Next Administrator

_TOKEN Available Token “{0}” attempted to
get the next
available token

eventSystem 26026 SEARCH_AM_TOKEN Search Token Administrator

“{0}” attempted to
search token

eventSystem 26027 VALIDATE_NEW_PIN Validate New PIN Attempted to

validate the new
PIN

eventSystem 26028 VALIDATE_NEXT Validate Next Attempted to

_TOKENCODE Tokencode validate the next
tokencode

eventSystem 26029 VALIDATE_PASSCODE Validate Passcode Attempted to

validate the
passcode

eventSystem 26030 AUTH_AGENT_LOOKUP Auth Agent Administrator

Lookup “{0}” attempted to
lookup an auth
agent

eventSystem 26031 READ_AGENT_ACTIVATED Read Agent Administrator

_GROUPS Activated Groups “{0}” attempted to
read agent
activated groups

eventSystem 26032 READ_TOKEN_POLICY Read Token Attempted to read

Policy token policy

eventSystem 26033 LOCATE_REALM_DEFAULT Locate Realm Administrator

_TOKEN_POLICY Default Token “{0}” attempted to
Policy locate realm
default token
policy

eventSystem 26034 VALIDATE_NEW_STATIC Validate New Attempted to

_PASSCODE Static Passcode validate the new
static passcode

eventSystem 26035 LOOKUP_OBJECT Lookup Object Administrator

“{0}” attempted to
lookup object

2: RSA Authentication Manager Log Messages 155

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26036 SESSION_CREATE Create Session Administrator

“{0}” attempted to
create session

eventSystem 26037 SYSTEM_DEFAULT_POLICY System Default System default

_MISCONFIGURED Policy policy is
Misconfigured misconfigured

eventSystem 26038 UPDATE_AM_TOKEN Update Token Administrator

“{0}” attempted to
update token

eventSystem 26039 AM_LINK_TOKEN_PRINCIPAL Link Token To Administrator

Principal “{0}” attempted to
link token to
principal

eventSystem 26040 GET_REG_USERS Get Registered Administrator

Users “{0}” attempted to
get registered users

eventSystem 26041 ADJUDICATOR_CLOCK Clock Setback Detected clock

_SETBACK Detected setback ;
current:“{3}”
expected:“{4}”

eventSystem 26042 ADJUDICATOR_PROCESS Adjudicator Attempted to

Processing process
adjudicator request

eventSystem 26043 ADJUDICATOR Adjudicator Attempted to

_CONFIGURATION Configuration initialize
adjudicator
configuration

eventSystem 26044 ADJUDICATOR_FAILOVER Adjudicator Adjudicator

_CONFIGURATION Failover Failover
Configuration configured for
instance {3} using
this order: {4}

eventSystem 26045 ADJUDICATOR_TIME_CHECK Time Attempted Time

Synchronization Synchronization ;
Processing correct time:“{3}”

eventSystem 26046 ADJUDICATOR_FAILOVER Adjudicator Adjudicator

Failover Event Failover Event at
node “{3}”

156 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26047 SESSION_MODIFICATION Session Attempted to

Modification modify session

eventSystem 26048 AGENT_REQUEST_HANDLE Agent Request Attempted to

Handle handle an agent
request

eventSystem 26049 AGENT_PACKET_RETRIEVE Agent Packet Attempted to

Retrieve retrieve an agent
packet “{3}”

eventSystem 26050 AGENT_RESPONSE_SEND Agent Response Attempted to send

Send queued results
back to agent

eventSystem 26051 GENERATE_REPORT Generate Report Administrator

“{0}” attempted to
generate report

eventSystem 26052 AUTHMGR_APS_LIST Update Agent Administrator

_UPDATE Protocol Server “{0}” attempted to
List update agent
protocol server list

eventSystem 26053 AUTHMGR_APS Agent Protocol Administrator

_SYNCHRONIZATION Server “{0}” attempted to
Synchronization synchronize agent
protocol servers

eventSystem 26054 AUTHMGR_HOST_DELETE Delete Host Administrator

“{0}” attempted to
delete host

eventSystem 26055 AUTHMGR_APS_DELETE Delete Agent Administrator

Protocol Server “{0}” attempted to
delete Agent
Protocol Server

eventSystem 26056 AUTHMGR_REALM Delete Predeleted Administrator

_PREDELETE_TOKEN Token Attributes “{0}” attempted to
_ATTR_DELETE delete attributes
for predeleted
token

eventSystem 26057 AUTHMGR_REALM Delete Predeleted Administrator

_PREDELETE_TOKEN Realm Token “{0}” attempted to
_DELETE delete token for
predeleted instance

2: RSA Authentication Manager Log Messages 157

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26058 AUTHMGR_REALM Delete Predeleted Administrator

_PREDELETE_HOST_DELETE Realm Host “{0}” attempted to
delete host of
predeleted Realm

eventSystem 26059 AUTHMGR_REALM Delete Predeleted Administrator

_PREDELETE_AGENT Realm Agent “{0}” attempted to
_DELETE delete agent of
predeleted Realm

eventSystem 26060 AUTHMGR_SD_PREDELETE Validate Predelete Administrator

_VALIDATION “{0}” attempted to
validate predeleted
security domain
properties

eventSystem 26061 CTKIP_SERVICE_PROCESS CTKIP Service Attempted to

_REQUEST Process Request process CTKIP
request

eventSystem 26062 AUTHMGR_REALM_ADD Add Realm Administrator

“{0}” attempted to
add realm

eventSystem 26063 OA_SERVER_START Offline Attempted to start

Authentication the offline
Service Startup authentication
service

eventSystem 26064 APS_SERVER_START Start Agent Attempted to start

Protocol Server the agent protocol
server

eventSystem 26065 AUTHMGR_SERVER Start UDP Server Attempted to start

_STARTUP the UDP server

eventSystem 26066 AUTHMGR_AGENT_LINK Link Agent With Administrator

_APSLIST Agent Protocol “{0}” attempted to
Server List link agent with
agent protocol
server list

eventSystem 26067 EXECUTE_SCRIPT Execute Script Attempted to

execute script

eventSystem 26068 TCP_SERVER_STARTUP Started TCP u201c{3}” started

Server on port -- “{4}”
“{5}”

158 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26069 TCP_SERVER_SHUTDOWN Shutdown TCP u201c{3}” is

Server shutting down on
port -- “{4}”

eventSystem 26070 UDP_SERVER_STARTUP Started UDP u201c{3}” started

Server on port -- “{4}”

eventSystem 26071 UDP_SERVER_SHUTDOWN Shutdown UDP u201c{3}” is

Server shutting down on
port -- “{4}”

eventSystem 26072 ADJUDICATOR_SERVICE Started Adjudicator

_STARTUP Adjudicator service started
Service with {3} nodes

eventSystem 26073 ADJUDICATOR_SERVICE Shutdown Adjudicator

_SHUTDOWN Adjudicator service is shutting
Service down

eventSystem 26074 SQLPLUS_COMMAND Execute Attempted to

SQL*Plus execute a
Command SQL*Plus
command

eventSystem 26075 TRUSTED_USER_GROUP Create a trusted Attempted to

_CREATE user group create a trusted
user group

eventSystem 26076 TRUSTED_USER_GROUP Look up a trusted Attempted to look

_READ user group up a trusted user
group

eventSystem 26077 TRUSTED_USER_GROUP Update a trusted Attempted to

_UPDATE user group update a trusted
user group

eventSystem 26078 TRUSTED_USER_GROUP Delete a trusted Attempted to

_DELETE user group delete a trusted
user group

eventSystem 26079 SYS_REMOTE_PRINCIPAL Create a remote Attempted to

_CREATE principal create a remote
principal

eventSystem 26080 SYS_REMOTE_PRINCIPAL Look up a remote Attempted to look

_READ principal up a remote
principal

2: RSA Authentication Manager Log Messages 159

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26081 SYS_REMOTE_PRINCIPAL Update a remote Attempted to

_UPDATE principal update a remote
principal

eventSystem 26082 SYS_REMOTE_PRINCIPAL Delete a remote Attempted to

_DELETE principal delete a remote
principal

eventSystem 26083 AUTHMGR_TRUST Validate Predelete Administrator

_PREDELETE_VALIDATION “{0}” attempted to
validate predeleted
trust properties

eventSystem 26085 CREATE_AM_PRINCIPAL Create AM Attempted to

Principal create AM
Principal for
Principal with
“{1}”.

eventSystem 26086 LOCATE_SMS Locate Attempted to

_AUTHENTICATOR On-Demand locate On-Demand
Authenticator Authenticator for
On-Demand-enabl
ed Principal “{1}”.

eventSystem 26087 LOCATE_SMS Locate Attempted to

_AUTHENTICATOR_COUNT On-Demand locate On-Demand
Authenticator Authenticator
Count Count.

eventSystem 26088 DISPATCH_MESSAGE Dispatch message Attempted to

dispatch a message

eventSystem 26089 MESSAGE_PROCESSOR Start Message Attempted to start

_START Processor the message
processor: “{4}”

eventSystem 26090 MESSAGE_PROCESSOR Stop Message Attempted to stop

_STOP Processor the message
processor: “{4}”

eventSystem 26091 MESSAGE_PROCESSOR_DROP Message Dropped message:

_MESSAGE Processor Drop “{4}”
Message

160 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26092 TRANSMIT_TXT_MSG_SMTP SMTP Attempted to

Transmission transmit text
message via SMTP
plugin

eventSystem 26093 TRANSMIT_TXT_MSG_SMS SMS Attempted to

Transmission transmit text
message to “{3}”
via “{4}” SMS
plugin

eventSystem 26094 LOOKUP_AUTH_METHOD Authentication Attempted to

Method Lookup locate
authentication
method data

eventSystem 26095 MESSAGE_HANDLER Message Handler Attempted to

_HANDLE_MESSAGE Handle Message handle message:
“{4}”

eventSystem 26096 REFRESH_TRANSMISSION Refresh Attempted to

_PLUGINS Droppable refresh droppable
Transmission transmission
Plugins plugins

eventSystem 26097 AM_ENABLE_PRINCIPAL_FOR Enabled Principal Attempted to

_SMS for On-Demand enable principal
Authentication for On-Demand
Authentication

eventSystem 26098 AM_DISABLE_PRINCIPAL Disabled Attempted to

_FOR_SMS Principal for disable principal
On-Demand for On-Demand
Authentication Authentication

eventSystem 26099 AM_UPDATE_SMS_FOR Updated Attempted to

_PRINCIPAL On-Demand update
Authentication On-Demand
Attributes for Authentication for
Principal principal

eventSystem 26100 AM_SEARCH_SMS Searched for Attempted to

_AUTHENTICATORS On-Demand search
Authentication On-Demand
Attributes for Authentication
Principals Attributes for
principals

2: RSA Authentication Manager Log Messages 161

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26101 CLEANUP_EXPIRED Cleanup Expired Batch job cleaned

_AUTHENTICATORS_JOB On-Demand up expired
Authenticators On-Demand
Batch Job authenticators.
Total number of
deleted
authenticators:

eventSystem 26102 SMS_CLICKATELL_API SMS Clickatell Attempted to keep

_CONNECTION_KEEP_ALIVE API connection alive the
keep-alive connection to the
Clickatell API

eventSystem 26103 AM_UPDATE_SMS Update Attempted to

_CONFIGURATION On-Demand update the
Configuration On-Demand
Configuration

eventSystem 26104 CLEANUP_EXPIRED Cleanup Expired Unexpected

_AUTHENTICATORS_JOB On-Demand exception while
_FAILURE Authenticators attempting to clean
Batch Job up On-Demand
authenticators.
Skipping
authenticator for
principal “{1}”.

eventSystem 26105 SMS_CLICKATELL_SSL Initialize Failure while

_INITIALIZATION_FAILURE Clickatell plugin initializing SSL
connection to
Clickatell.
Message
transmissions may
fail.

eventSystem 26106 ADJUDICATOR_REHOMING User Home Node Attempted User

rebalance Home Node
processing rebalance
processing

eventSystem 26107 ADJUDICATOR_INSTANCE Adjudicator Adjudicator

_CONFIGURATION Instance Instance
configuration \u201c{3}\u201d
data processing configuration data
procesing
attempted

162 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26108 ON_DEMAND_LOGIN On-Demand Unexpected error

_FAILURE authentication occured while
processing processing
On-Demand
authentication
attempt for
principal
\u201c{3}\u201d

eventSystem 26109 HEALTH_MONITOR_STARTUP Database health Major error

_FAILURE monitor startup occured while
starting up
database health
monitor. Agent
failover will not
work correctly.

eventSystem 26110 SDCONF_GENERATE Generate agent Unable to locate

_FAILURE configuration file primary server.
Rebalancing
contact lists may
resolve this issue.

eventSystem 26111 OC_RESTORE_BACKUP Restore system Operations

from backup via Console
OC administrator
“{0}” attempted to
restore {7} from a
backup. Location:
“{3}” ; version:
{4}

eventSystem 26112 OC_CONFIG_BACKUP Configure backup Operations

_RESTORE and restore via Console
OC administrator
“{0}” attempted to
configure backup
and restore

eventSystem 26113 OC_CREATE_BACKUP Create backup via Operations

OC Console
administrator
“{0}” attempted to
create a backup at
“{3}”

2: RSA Authentication Manager Log Messages 163

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26114 OC_LIST_BACKUPS List backups via Operations

OC Console
administrator
“{0}” attempted to
list all backups

eventSystem 26115 OC_CONFIGURE_UPDATES Configure Operations

updates via OC Console
administrator
“{0}” attempted to
configure updates

eventSystem 26116 OC_MANUAL_SCAN Scan updates via Operations

_UPDATES OC Console
administrator
“{0}” attempted to
scan for updates

eventSystem 26117 OC_LIST_UPDATES List updates via Operations

OC Console
administrator
“{0}” attempted to
list updates

eventSystem 26118 OC_DOWNLOAD_RELEASE Download release Operations

_NOTES notes via OC Console
administrator
“{0}” attempted to
download release
notes

eventSystem 26119 OC_APPLY_UPDATES Apply updates via Operations

OC Console
administrator
“{0}” attempted to
apply updates

eventSystem 26120 OC_LIST_UPDATE List update or Operations

_ROLLBACK_LOG_FILES rollback log files Console
via OC administrator
“{0}” attempted to
list update or
rollback log files

164 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26121 OC_LIST_ROLLBACK List available Operations

rollbacks via OC Console
administrator
“{0}” attempted to
list available
rollbacks

eventSystem 26122 OC_CONFIGURE_SSH Configure SSH Operations

via OC Console
administrator
“{0}” attempted to
configure SSH

eventSystem 26123 OC_CONFIG_SYSTEM Configure system Operations

_NETWORK_SETTING network settings Console
via OC administrator
“{0}” attempted to
configure system
network settings

eventSystem 26124 OC_LIST_NIC List existing Operations

NICs via OC Console
administrator
“{0}” attempted to
list existing NICs

eventSystem 26125 OC_CONFIGURE_PRI_NIC Configure Operations

primary NIC via Console
OC administrator
“{0}” attempted to
configure primary
NIC

eventSystem 26126 OC_SNMP_CONFIG Configure SNMP Operations

via OC Console
administrator
“{0}” attempted to
configure SNMP

eventSystem 26127 OC_DOWNLOAD_MIB_FILE Download MIB Operations

file via OC Console
administrator
“{0}” attempted to
download MIB file

2: RSA Authentication Manager Log Messages 165

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26128 OC_CONFIGURE_LOGGING Configure Operations

logging via OC Console
administrator
“{0}” attempted to
configure logging

eventSystem 26129 OC_LIST_APP_SYS_LOGS List appliance or Operations

system logs via Console
OC administrator
“{0}” attempted to
list appliance or
system logs

eventSystem 26130 OC_DOWNLOAD_APP_SYS Download Operations

_LOGS appliance or Console
system logs via administrator
OC “{0}” attempted to
download
appliance or
system logs

eventSystem 26131 OC_DOWNLOAD_UPDATE Download update Operations

_LOG_FILE log file via OC Console
administrator
“{0}” attempted to
download update
log file

eventSystem 26132 OC_DELETE_UPDATE_LOG Delete update log Operations

_FILE file via OC Console
administrator
“{0}” attempted to
delete update log
file

eventSystem 26133 OC_DOWNLOAD_ROLLBACK Download Operations

_LOG_FILE rollback log file Console
via OC administrator
“{0}” attempted to
download rollback
log file

166 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26134 OC_DELETE_ROLLBACK Delete rollback Operations

_LOG_FILE log file via OC Console
administrator
“{0}” attempted to
delete rollback log
file

eventSystem 26135 OC_PERFORM_ROLLBACK Perform rollback Operations

via OC Console
administrator
“{0}” attempted to
rollback

eventSystem 26136 OC_REBOOT_APPLIANCE Reboot appliance Operations

via OC Console
administrator
“{0}” attempted to
reboot appliance

eventSystem 26137 OC_CONFIGURE_SEC_NIC Configure Operations

secondary NIC Console
via OC administrator
“{0}” attempted to
configure
secondary NIC

eventSystem 26138 OC_DELETE_RADIUS Delete RADIUS Operations

_SERVER server via OC Console
administrator
“{0}” attempted to
delete RADIUS
server with Super
Admin credentials
of “{3}”.

eventSystem 26139 OC_STOP_RADIUS_SERVER Stop RADIUS Operations

server via OC Console
administrator
“{0}” attempted to
stop RADIUS
server with Super
Admin credentials
of “{3}”.

2: RSA Authentication Manager Log Messages 167

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26140 OC_EDIT_DICT_RADIUS Edit RADIUS Operations

_SERVER dictionary file Console
administrator
“{0}” attempted to
edit RADIUS
server dictionary
file “{4}” with
Super Admin
credentials of
“{3}”.

eventSystem 26141 OC_START_RADIUS_SERVER Start RADIUS Operations

server Console
administrator
“{0}” attempted to
start RADIUS
server with Super
Admin credentials
of “{3}”.

eventSystem 26142 OC_PROMOTE_RADIUS Promote replica Operations

_SERVER RADIUS server Console
administrator
“{0}” attempted to
promote RADIUS
server with Super
Admin credentials
of “{3}”.

eventSystem 26143 OC_LIST_DICT_RADIUS List RADIUS Operations

_SERVER server dictionary Console
files administrator
“{0}” attempted to
list RADIUS
server dictionaries
with Super Admin
credentials of
“{3}”.

168 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26144 OC_LIST_CONFIG_RADIUS List RADIUS Operations

_SERVER configuration Console
files administrator
“{0}” attempted to
list RADIUS
server
configuration files
with Super Admin
credentials of
“{3}”.

eventSystem 26145 OC_EDIT_CONFIG_RADIUS Edit RADIUS Operations

_SERVER server Console
configuration file administrator
“{0}” attempted to
edit RADIUS
server
configuration file
“{4}” with Super
Admin credentials
of “{3}”.

eventSystem 26146 OC_RADIUS_TRUSTED_ROOT Enable Disable Operations

_CERTS_REP trusted root Console
certificate for administrator
replication “{0}” attempted to
“{4}” trusted root
certificate for
replication with
Super Admin
credentials of
“{3}”.

eventSystem 26147 OC_RADIUS_LIST_TRUSTED List RADIUS Operations

_ROOT_CERTS server trusted root Console
certificates administrator
“{0}” attempted to
list trusted root
certificates with
Super Admin
credentials of
“{3}”.

2: RSA Authentication Manager Log Messages 169

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26148 OC_RADIUS_ADD_TRUSTED Add trusted root Operations

_ROOT_CERT certificate Console
administrator
“{0}” attempted to
add trusted root
certificate with
Super Admin
credentials of
“{3}”.

eventSystem 26149 OC_RADIUS_REPLACE Replace RADIUS Operations

_SERVER_CERT server certificate Console
administrator
“{0}” attempted to
replace RADIUS
server certificate
with Super Admin
credentials of
“{3}”.

eventSystem 26150 OC_RADIUS_DELETE Delete RADIUS Operations

_TRUSTED_CERT trusted root Console
certificate administrator
“{0}” attempted
to delete RADIUS
server trusted
certificate with
Super Admin
credentials of
“{3}”.

eventSystem 26151 CREATE_BACKUP Create Backup The system

attempted to create
a backup.

eventSystem 26155 RBA_LOAD_INTEGRATION Load RBA The system tried to

_SCRIPT_TEMPLATE integration script load the RBA
template integration script
template located at
“{3}”

eventSystem 26156 START_RADIUS Start RADIUS System is starting

_REPLICATION_TIMER replication timer the RADIUS
replication timer

170 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26157 STOP_RADIUS_REPLICATION Stop RADIUS System is stopping

_TIMER replication timer the RADIUS
replication timer

eventSystem 26158 MODIFY_RADIUS Modify settings System is

_REPLICATION_TIMER for RADIUS modifying the
replication timer RADIUS
replication timer
settings

eventSystem 26159 DISABLE_REPLICATION_FOR Disabling Administrator

_RADIUS_SERVER replication for a “{0}” attempted to
RADIUS server disable replication
is no longer for a RADIUS
supported. server

eventSystem 26160 OC_SSH_UPDATE Update SSH state Operations

using the OC Console
administrator
“{0}” attempted to
update SSH state
to “{3}”.

eventSystem 26161 DELETE_AGED_BACKUP Delete aged Backup Scheduler

backup file attempted to delete
an aged backup at
“{3}”

eventSystem 26162 OC_SCHEDULE_BACKUP Skipped Scheduled backup

_SKIPPED Scheduled is skipped due to
backup another system
maintenance task
is in progress

eventSystem 26163 OC_SCHEDULE_BACKUP Schedule backup Operations

via OC Console
administrator
“{0}” attempted to
schedule a backup

eventSystem 26164 OC_SCHEDULE_CREATE Create backup via Operations

_BACKUP OC scheduled job Console Backup
Scheduler Job
attempted to create
a backup at “{3}”

2: RSA Authentication Manager Log Messages 171

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26165 INSTANCE_HOST_REFRESH Instance Host Attempted to

Entry Refresh on refresh the
Application instance host entry
Startup and synchronize
server lists

eventSystem 26166 AUTOMATIC_RADIUS Automatic Attempted to

_SERVER_CONFIG RADIUS Server automatically
Configuration configure the
RADIUS Server
for the Instance
“{0}”

eventSystem 26167 OC_DELETE_BACKUP_FILE Delete backup Operations

file via OC Console
administrator
“{0}” attempted to
delete a backup at
“{3}”

eventSystem 26168 OC_EDIT_HOSTS_FILE Edit Appliance Operations

Hosts file Console
administrator
“{0}” attempted to
edit the Appliance
OS hosts file with
Super Admin
credentials of
“{3}”.

eventSystem 26169 OC_NSLOOKUP Execute Name Operations

Server LookUp Console
Command administrator
“{0}” attempted to
execute nslookup.

eventSystem 26170 OC_OS_PASSWORD_CHANGE Change the Operations

Operating System Console
User Password administrator
“{0}” attempted to
change the
operating system
user pasword.

172 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26171 OC_ENABLE_SSH Enable SSH state Operations

using the OC Console
administrator
“{0}” attempted to
enable SSH.

eventSystem 26172 OC_DISABLE_SSH Disable SSH state Operations

using the OC Console
administrator
“{0}” attempted to
disable SSH.

eventSystem 26173 AM_WEBTIER_PACK Pack latest Web Pack latest Web

Tier Tier Configuration
Configuration Version {0}

eventSystem 26174 AM_WEBTIER_DOWNLOAD Download latest Download latest

Web Tier Web Tier
Configuration Configuration
Version: {0} ; data
index: {1}

eventSystem 26175 AUTHMGR_UPDATE Update Firewall Attempted to

_FIREWALL_RADIUS_PORTS on RADIUS update the firewall
Server Port rules after a
Change RADIUS Server
port change.

eventSystem 26176 AUTHMGR_UPDATE Update Firewall Attempted to

_FIREWALL_APS on Authentication update the firewall
Services Port rules after
Change authentication
services port
change.

eventSystem 26177 AUTHMGR_UPDATE Update Firewall Attempted to

_FIREWALL_XREALM on Legacy update the firewall
Trusted Realm rules after a legacy
Port Change trusted realm port
change.

2: RSA Authentication Manager Log Messages 173

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26178 OC_RESTART_RADIUS Restart RADIUS Operations

_SERVER server Console
administrator
“{0}” attempted to
restart RADIUS
server with Super
Admin credentials
of “{3}”.

eventSystem 26179 OC_ADD_RADIUS Add a new Operations

_DICTIONARY RADIUS Console
dictionary file administrator
“{0}” attempted to
add a new
RADIUS
dictionary “{4}”
with Super Admin
credentials of
“{3}”.

eventSystem 26180 OC_OVERWRITE_RADIUS Overwrite an Operations

_DICTIONARY existing RADIUS Console
dictionary file administrator
“{0}” attempted to
overwrite an
existing RADIUS
dictionary “{4}”
with Super Admin
credentials of
“{3}”.

eventSystem 26181 AUTHMGR_CHECK_TRUSTS Check the Check the existing

_BEFORE_UPDATE existing trusts for trusts before
_FIREWALL_XREALM updating the updating the
firewall rules firewall rules on a
legacy trusted
realm port change.

eventSystem 26182 AUTOMATIC_REALM Automatic Attempted to

_CERTIFICATES_REMOVAL REALM remove realm
Certificates certificates after
removal on hostname change
hostname change to “{0}”

eventSystem 26183 AM_SYSTEM_START Start Replica Attempted to start

_REPLICA_ATTACH Attach attaching the
replica “{3}”

174 2: RSA Authentication Manager Log Messages

 RSA Authentication Manager 8.2 Troubleshooting Guide

Event Category Action ID Action Key Description Message

eventSystem 26184 AM_GET_DEPLOYMENT Get Deployment Attempted to get

_CONFIG Configuration deployment
configuration for
the replica “{3}”

eventSystem 26185 OC_CERT_SIGNING_REQEUST Create Cert Operations

Signing Request Console
administrator
“{0}” attempted to
create a certificate
signing request.
Key alias: “{3}”

eventSystem 36001 UCM_SEND_MAIL Mail send event

key.

eventSystem 36022 UCM_LICENSE_CHECK License Check.

eventSystem 36025 UCM_ARCHIVE_REQUEST Archive UCM Administator

request action. “{4}” attempted to
“{3}” UCM
request using the
archive ucm
request utility.

eventSystem 36028 UPDATE_UCM_REQUEST Update UCM Administator

Request attempted to
update
(approve/distribute
/reject/cancel)
UCM request.

2: RSA Authentication Manager Log Messages 175